CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36408
https://notcve.org/view.php?id=CVE-2020-36408
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en CMS Made Simple versión 2.2.14, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el parámetro "Add Shortcut" del módulo "Manage Shortcuts" • http://dev.cmsmadesimple.org/bug/view/12325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27377
https://notcve.org/view.php?id=CVE-2020-27377
A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) en el panel del Administrador del módulo "Setting News" en CMS Made Simple versión 2.2.14, que permite a un atacante ejecutar scripts web arbitrarios • http://dev.cmsmadesimple.org/bug/view/12317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-28935 – CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-28935
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. CMS Made Simple (CMSMS) versión 2.2.15, permite un XSS autenticado por medio del script /admin/addbookmark.php a través del campo Site Admin ) My Preferences ) Title. CMS Made Simple version 2.2.15 suffers from a reflective cross site scripting vulnerability. • https://www.exploit-db.com/exploits/49793 http://dev.cmsmadesimple.org/bug/view/12432 http://packetstormsecurity.com/files/162287/CMS-Made-Simple-2.2.15-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20138 – Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-20138
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el módulo Showtime2 Slideshow en CMS Made Simple (CMSMS) versión 2.2.4 Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities. • https://packetstormsecurity.com/files/160604/Flexmonster-Pivot-Table-And-Charts-2.7.17-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-24860 – CMS Made Simple 2.2.14 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-24860
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. CMS Made Simple versión 2.2.14, permite a un usuario autenticado con acceso al Content Manager editar el contenido y colocar la carga útil de tipo XSS persistente en los campos de texto afectados. El usuario puede obtener cookies de cada usuario autenticado que visita el sitio web CMS Made Simple version 2.2.14 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/159434/CMS-Made-Simple-2.2.14-Cross-Site-Scripting.html https://www.cmsmadesimple.org https://www.exploit-db.com/exploits/48851 https://www.youtube.com/watch?v=M6D7DmmjLak&t=22s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •