Page 7 of 36 results (0.002 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_version. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) persistente en admin/siteprefs.php a través del parámetro metadata. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las sesiones. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las cookies. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. En CMS Made Simple 2.2.3.1, la función is_file_acceptable en modules/FileManager/action.upload.php solo bloquea las extensiones de archivo que empiezan o finalizan con una subcadena "php", lo que permite a los atacantes remotos omitir las restricciones de acceso planeadas o desencadenar Cross-Site Scripting (XSS) mediante otras extensiones, tal y como se demostró con .phtml, .pht, .html o .svg. • https://github.com/bsmali4/cve/blob/master/CMS%20Made%20Simple%20UPLOAD%20FILE%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •