CVSS: 7.2 • EPSS: 6% • CPEs: 1 • EXPL: 1

28 Feb 2022 — CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. • http://dev.cmsmadesimple.org/bug/view/12502 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Sep 2021 — CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. • http://dev.cmsmadesimple.org/bug/view/12317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Sep 2021 — An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). • http://dev.cmsmadesimple.org/project/changelog/5819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2021 — CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via Extensions > File Picker. • http://dev.cmsmadesimple.org/bug/view/12288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Jul 2021 — Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via the "News > Article" feature. • http://dev.cmsmadesimple.org/bug/view/12322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Jul 2021 — Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. • http://dev.cmsmadesimple.org/bug/view/12321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2021 — A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module. • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2021 — A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module. • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2021 — A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature. • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2021 — A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the 'Site Down' status" parameter under the "Maintenance Mode" module. • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')