CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9060
https://notcve.org/view.php?id=CVE-2019-9060
17 Sep 2021 — An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). Se ha detectado un problema en CMS Made Simple versión 2.2.8. Es posible lograr un salto de ruta no autenticado en el m... • http://dev.cmsmadesimple.org/project/changelog/5819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-22732
https://notcve.org/view.php?id=CVE-2020-22732
05 Aug 2021 — CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. CMS Made Simple (CMSMS) versión 2.2.14, permite un ataque de tipo XSS almacenado por medio de las Extensiones ) Fie Picker.. • http://dev.cmsmadesimple.org/bug/view/12288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23241
https://notcve.org/view.php?id=CVE-2020-23241
26 Jul 2021 — Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en CMS Made Simple versión 2.2.14, en "Extra" por medio de la funcionalidad "News ) Article" • http://dev.cmsmadesimple.org/bug/view/12322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23240
https://notcve.org/view.php?id=CVE-2020-23240
26 Jul 2021 — Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en CMS Made Simple versión 2.2.14 por medio del campo Logic en la funcionalidad Content Manager • http://dev.cmsmadesimple.org/bug/view/12321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36416
https://notcve.org/view.php?id=CVE-2020-36416
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el parámetro "Create a new Design" en el módul... • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36415
https://notcve.org/view.php?id=CVE-2020-36415
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el parámetro "Create a new Stylesheet"... • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36414
https://notcve.org/view.php?id=CVE-2020-36414
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en los campos "URL (slug)" o "Extra" en la fu... • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36413
https://notcve.org/view.php?id=CVE-2020-36413
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el... • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36412
https://notcve.org/view.php?id=CVE-2020-36412
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Search Text" del módulo "Admin Search" • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36411
https://notcve.org/view.php?id=CVE-2020-36411
02 Jul 2021 — A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada i... • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •