CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43357
https://notcve.org/view.php?id=CVE-2023-43357
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Title en el componente Manage Shortcuts. • https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43359
https://notcve.org/view.php?id=CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. La vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para los parámetros de datos Smarty y metadatos específicos de la página en el componente del Menú del Administrador de Contenido. • https://github.com/sromanhu/CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43872
https://notcve.org/view.php?id=CVE-2023-43872
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Vulnerabilidad de carga de archivos en CMSmadesimple v.2.2.18 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto. • https://github.com/sromanhu/CVE-2023-43872-CMSmadesimple-Arbitrary-File-Upload--XSS---File-Manager https://github.com/sromanhu/CMSmadesimple-File-Upload--XSS---File-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43339
https://notcve.org/view.php?id=CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. La vulnerabilidad de Cross-Site Scripting (XSS) en cmsmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado inyectado en los componentes Nombre de la base de datos, Usuario de la base de datos o Puerto de la base de datos. • https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation http://www.cmsmadesimple.org https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36969
https://notcve.org/view.php?id=CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. • https://okankurtulus.com.tr/2023/06/26/cms-made-simple-v2-2-17-file-upload-remote-code-execution-rce-authenticated • CWE-434: Unrestricted Upload of File with Dangerous Type •