NotCVE - vendor:"Cmsmadesimple" product:"Cms Made Simple" version:"2.2.3.1"

Page 4 of 36 results (0.001 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10032

https://notcve.org/view.php?id=CVE-2018-10032

11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_version. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-10033

https://notcve.org/view.php?id=CVE-2018-10033

11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) persistente en admin/siteprefs.php a través del parámetro metadata. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17734

https://notcve.org/view.php?id=CVE-2017-17734

18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las sesiones. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-17735

https://notcve.org/view.php?id=CVE-2017-17735

18 Dec 2017 — CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las cookies. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-16798

https://notcve.org/view.php?id=CVE-2017-16798

12 Nov 2017 — In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. En CMS Made Simple 2.2.3.1, la función is_file_acceptable en modules/FileManager/action.upload.php solo bloquea las extensiones de archivo que empiezan o finalizan con una subcadena "php... • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20UPLOAD%20FILE%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2005-2392

https://notcve.org/view.php?id=CVE-2005-2392

27 Jul 2005 — Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html •

1 2 3 4