CVE-2020-20138 – Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el módulo Showtime2 Slideshow en CMS Made Simple (CMSMS) versión 2.2.4 Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities. • https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24860 – CMS Made Simple 2.2.14 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. CMS Made Simple versión 2.2.14, permite a un usuario autenticado con acceso al Content Manager editar el contenido y colocar la carga útil de tipo XSS persistente en los campos de texto afectados. El usuario puede obtener cookies de cada usuario autenticado que visita el sitio web CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html https://www.cmsmadesimple.org https://www.exploit-db.com/exploits/48851 https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22842
https://notcve.org/view.php?id=CVE-2020-22842
CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. CMS Made Simple versiones anteriores a 2.2.15, permite un ataque de tipo XSS por medio del parámetro m1_mod en una acción ModuleManager en la función local_uninstall en archivo admin/moduleinterface.php • http://dev.cmsmadesimple.org/bug/view/12291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-17462
https://notcve.org/view.php?id=CVE-2020-17462
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. CMS Made Simple versión 2.2.14, permite una Carga de Archivos Arbitraria Autenticada porque el File Manager no bloquea los archivos .ptar, un problema relacionado al CVE-2017-16798. • https://www.exploit-db.com/exploits/48742 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-14926
https://notcve.org/view.php?id=CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. CMS Made Simple versión 2.2.14, permite un ataque de tipo XSS por medio de Search Term en la página admin/moduleinterface.php?mact=ModuleManager • http://dev.cmsmadesimple.org/bug/view/12324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •