
CVE-2023-43355
https://notcve.org/view.php?id=CVE-2023-43355
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. • https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43359
https://notcve.org/view.php?id=CVE-2023-43359
19 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. • https://github.com/sromanhu/CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43872
https://notcve.org/view.php?id=CVE-2023-43872
28 Sep 2023 — A file upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a PDF file with hidden Cross Site Scripting (XSS). • https://github.com/sromanhu/CVE-2023-43872-CMSmadesimple-Arbitrary-File-Upload--XSS---File-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-43339
https://notcve.org/view.php?id=CVE-2023-43339
25 Sep 2023 — Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. • https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36969 – CMS Made Simple 2.2.21 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-36969
06 Jul 2023 — CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. CMS Made Simple versions 2.2.21 and below allow an authenticated administrator to upload files with the .phar or .phtml extensions, enabling execution of PHP code leading to remote code execution. • https://packetstorm.news/files/id/190114 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-36970
https://notcve.org/view.php?id=CVE-2023-36970
06 Jul 2023 — A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. • https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-28998
https://notcve.org/view.php?id=CVE-2021-28998
08 May 2023 — File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/file_upload_RCE/File_upload_to_RCE.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2021-28999
https://notcve.org/view.php?id=CVE-2021-28999
08 May 2023 — SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-40961
https://notcve.org/view.php?id=CVE-2021-40961
09 Jun 2022 — CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-43154
https://notcve.org/view.php?id=CVE-2021-43154
13 Apr 2022 — Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. • https://elprofesor.me/2021/10/24/stored-cross-site-scripting-via-m1-name-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')