CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10032
https://notcve.org/view.php?id=CVE-2018-10032
11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_version. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10033
https://notcve.org/view.php?id=CVE-2018-10033
11 Apr 2018 — CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) persistente en admin/siteprefs.php a través del parámetro metadata. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000092
https://notcve.org/view.php?id=CVE-2018-1000092
13 Mar 2018 — CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability appears to have been fixed in 2.2.6. CMS Made Simple, versión 2.2.5, contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la página de perfil de Administrador, cuyos detalles pueden encontrarse aquí... • http://dev.cmsmadesimple.org/bug/view/11715 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 56%CPEs: 1EXPL: 4CVE-2018-1000094 – CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-1000094
13 Mar 2018 — CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension. CMS Made Simple 2.2.5 contiene una vulnerabilidad de ejecución remota de código en File Manager que podría permitir que un administrador autenticado con acceso al gestor de archivos ejecute código en el servidor. El ataque p... • https://packetstorm.news/files/id/148622 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5963 – CMS Made Simple 2.2.5 Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5963
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/addbookmark.php a través del parámetro title. CMS Made Simple version 2.2.5 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/146033/CMS-Made-Simple-2.2.5-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-5964 – CMS Made Simple 2.2.5 moduleinterface.php title Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5964
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_messages. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146034/CMS-Made-Simple-2.2.5-moduleinterface.php-title-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5965 – CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-5965
24 Jan 2018 — CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_errors. CMS Made Simple version 2.2.5 suffers from a reflective cross site scripting vulnerability in /admin/moduleinterface.php. • http://packetstormsecurity.com/files/146035/CMS-Made-Simple-2.2.5-moduleinterface.php-m1_errors-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
27 Jul 2005 — Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html •