CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7255
https://notcve.org/view.php?id=CVE-2017-7255
24 Mar 2017 — XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_title. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7256
https://notcve.org/view.php?id=CVE-2017-7256
24 Mar 2017 — XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" característica a través del parámetro m1_summary. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7257
https://notcve.org/view.php?id=CVE-2017-7257
24 Mar 2017 — XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_content. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6555
https://notcve.org/view.php?id=CVE-2017-6555
09 Mar 2017 — Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). Vulnerabilidad de XSS en /admin/moduleinterface.php en CMS Made Simple 2.1.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro m1_description (vulnerabilidad también conocida como "D... • http://www.daimacn.com/?id=7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6556
https://notcve.org/view.php?id=CVE-2017-6556
09 Mar 2017 — Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. Vulnerabilidad de XSS en CMS Made Simple (CMSMS) 2.1.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo "adminpage > sitesetting > General Settings > globalmetadata". • http://www.daimacn.com/?id=8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
27 Jul 2005 — Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html •