CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10031
https://notcve.org/view.php?id=CVE-2018-10031
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Request Forgery (CSRF) en admin/moduleinterface.php. • https://github.com/zxyxx/cmsms_vul • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10032
https://notcve.org/view.php?id=CVE-2018-10032
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. CMS Made Simple (también conocido como CMSMS) 2.2.7 tiene Cross-Site Scripting (XSS) reflejado en admin/moduleinterface.php a través del parámetro m1_version. • https://github.com/zxyxx/cmsms_vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7893
https://notcve.org/view.php?id=CVE-2018-7893
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. CMS Made Simple (CMSMS) 2.2.6 tiene Cross-Site Scripting (XSS) persistente en admin/moduleinterface.php mediante el parámetro metadata. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-8058
https://notcve.org/view.php?id=CVE-2018-8058
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. CMS Made Simple (CMSMS) 2.2.6 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php mediante el parámetro pagedata. • https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2005-2392
https://notcve.org/view.php?id=CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. Vulnerabilidad de secuencia de comandos en sitios cruzados en index.php para CMSSimple 2.4 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "search" en la función de búsqueda. • http://lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html http://secunia.com/advisories/16147 http://securitytracker.com/id?1014556 http://www.aria-security.net/advisory/cmsimple.txt http://www.cmsimple.dk/forum/viewtopic.php?t=2470 http://www.osvdb.org/18128 http://www.securityfocus.com/archive/1/442106/100/100/threaded http://www.securityfocus.com/bid/14346 •