Page 5 of 26 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. CMS Made Simple versión 2.2.14, permite a un usuario autenticado con acceso al Content Manager editar el contenido y colocar la carga útil de tipo XSS persistente en los campos de texto afectados. El usuario puede obtener cookies de cada usuario autenticado que visita el sitio web CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html https://www.cmsmadesimple.org https://www.exploit-db.com/exploits/48851 https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. CMS Made Simple versiones anteriores a 2.2.15, permite un ataque de tipo XSS por medio del parámetro m1_mod en una acción ModuleManager en la función local_uninstall en archivo admin/moduleinterface.php • http://dev.cmsmadesimple.org/bug/view/12291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. CMS Made Simple versión 2.2.14, permite una Carga de Archivos Arbitraria Autenticada porque el File Manager no bloquea los archivos .ptar, un problema relacionado al CVE-2017-16798. • https://www.exploit-db.com/exploits/48742 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. CMS Made Simple versión 2.2.14, permite un ataque de tipo XSS por medio de Search Term en la página admin/moduleinterface.php?mact=ModuleManager • http://dev.cmsmadesimple.org/bug/view/12324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. CMS Made Simple versiones hasta 2.2.14, permite un ataque de tipo XSS por medio de un nombre de perfil de File Picker. • http://dev.cmsmadesimple.org/bug/view/12312 https://www.youtube.com/watch?v=Q6RMhmpScho • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •