CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43339
https://notcve.org/view.php?id=CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. La vulnerabilidad de Cross-Site Scripting (XSS) en cmsmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado inyectado en los componentes Nombre de la base de datos, Usuario de la base de datos o Puerto de la base de datos. • https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation http://www.cmsmadesimple.org https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36970
https://notcve.org/view.php?id=CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. • https://okankurtulus.com.tr/2023/06/27/cms-made-simple-v2-2-17-stored-cross-site-scripting-xss-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36969
https://notcve.org/view.php?id=CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. • https://okankurtulus.com.tr/2023/06/26/cms-made-simple-v2-2-17-file-upload-remote-code-execution-rce-authenticated • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28998
https://notcve.org/view.php?id=CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/file_upload_RCE/File_upload_to_RCE.md https://seclists.org/fulldisclosure/2021/Mar/50 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28999
https://notcve.org/view.php?id=CVE-2021-28999
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. • https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md https://seclists.org/fulldisclosure/2021/Mar/49 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •