CVE-2022-23906
https://notcve.org/view.php?id=CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. Se ha detectado que CMS Made Simple versión v2.2.15, contiene una vulnerabilidad de Ejecución de Comandos Remota (RCE) por medio de la función upload avatar. Esta vulnerabilidad es explotada por medio de un archivo de imagen diseñado. • http://dev.cmsmadesimple.org/bug/view/12502 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-28935 – CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. CMS Made Simple (CMSMS) versión 2.2.15, permite un XSS autenticado por medio del script /admin/addbookmark.php a través del campo Site Admin ) My Preferences ) Title. CMS Made Simple version 2.2.15 suffers from a reflective cross site scripting vulnerability. • https://www.exploit-db.com/exploits/49793 http://dev.cmsmadesimple.org/bug/view/12432 http://packetstormsecurity.com/files/162287/CMS-Made-Simple-2.2.15-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html http://secunia.com/advisories/16147 http://securitytracker.com/id?1014556 http://www.aria-security.net/advisory/cmsimple.txt http://www.cmsimple.dk/forum/viewtopic.php?t=2470 http://www.osvdb.org/18128 http://www.securityfocus.com/archive/1/442106/100/100/threaded http://www.securityfocus.com/bid/14346 •