CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17629
https://notcve.org/view.php?id=CVE-2019-17629
16 Oct 2019 — CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS almacenado por parte de un administrador mediante un nombre de archivo de imagen diseñado en la pantalla "file manager ) upload images". • http://dev.cmsmadesimple.org/bug/view/12146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17630
https://notcve.org/view.php?id=CVE-2019-17630
16 Oct 2019 — CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS almacenado por parte de un administrador mediante un nombre de archivo de imagen diseñado en la pantalla "News ) Add Article". • http://dev.cmsmadesimple.org/bug/view/12149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17226
https://notcve.org/view.php?id=CVE-2019-17226
06 Oct 2019 — CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. CMS Made Simple (CMSMS) versión 2.2.11, permite un ataque de tipo XSS por medio del campo Site Admin ) Module Manager ) Search Term. • http://dev.cmsmadesimple.org/bug/view/12148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-11226 – CMS Made Simple 2.2.10 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-11226
24 May 2019 — CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. CMS Made Simple 2.2.10 tiene XSS a través del parámetro m1_name en "Agregar artículo" en Contenido -> Administrador de contenido -> Noticias. CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/153071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11513
https://notcve.org/view.php?id=CVE-2019-11513
25 Apr 2019 — The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. El Administrador de Archivos en el CMS Made Simple, hasta la versión 2.2.10, es vulnerable a un XSS reflejado a través del campo "Nuevo nombre" en una acción Renombrar. • http://dev.cmsmadesimple.org/bug/view/12022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-9056
https://notcve.org/view.php?id=CVE-2019-9056
11 Apr 2019 — An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers (in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php), it is possible to reach an unserialize call with an untrusted __FEU__ cookie, and achieve authenticated object injection. Se detecto un problema en CMS Made Simple versión 2.2.8. En el módulo FrontEndUsers (en el archivo class.FrontEndUsersManipulate.php o class.FrontEndUsersManipulator.php), es posible lograr una llamada no serializada con una ... • https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10107
https://notcve.org/view.php?id=CVE-2019-10107
26 Mar 2019 — CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. CMS Made Simple 2.2.10 tiene Cross-Site Scripting (XSS) mediante el campo "Email Address" en myaccount.php, que es alcanzable mediante la sección "My Preferences -> My Account". • http://dev.cmsmadesimple.org/bug/view/12003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10106
https://notcve.org/view.php?id=CVE-2019-10106
26 Mar 2019 — CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. CMS Made Simple 2.2.10 tiene Cross-Site Scripting (XSS) mediante el campo "Name" en moduleinterface.php, que es alcanzable mediante la acción "Add Category" en la sección "Site Admin Settings - News module". • http://dev.cmsmadesimple.org/bug/view/12004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10105
https://notcve.org/view.php?id=CVE-2019-10105
26 Mar 2019 — CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. CMS Made Simple 2.2.10 tiene una vulnerabilidad de auto Cross-Site Scripting (XSS) mediante el campo Name del Gestor de Diseño de Distribución, que es alcanzable mediante la acción "Create a new Template" en el Gestor de Diseño. • http://dev.cmsmadesimple.org/bug/view/12002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9061
https://notcve.org/view.php?id=CVE-2019-9061
26 Mar 2019 — An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature. Se ha descubierto un problema en CMS Made Simple 2.2.8. En el módulo ModuleManager (en el archivo action.installmodule.php), es posible alcanzar una llamada no serializada con entradas no fiables y lograr una inyección de objetos autenticada media... • https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •