CVSS: 4.8EPSS: 15%CPEs: 1EXPL: 2CVE-2018-5964
https://notcve.org/view.php?id=CVE-2018-5964
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/moduleinterface.php a través del parámetro m1_messages. • http://packetstormsecurity.com/files/146034/CMS-Made-Simple-2.2.5-moduleinterface.php-title-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2018/Jan/82 https://kyawminthein901497298.wordpress.com/2018/01/22/cms-made-simple-2-2-5-reflected-cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-5963
https://notcve.org/view.php?id=CVE-2018-5963
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. CMS Made Simple (CMSMS) 2.2.5 tiene Cross-Site Scripting (XSS) en admin/addbookmark.php a través del parámetro title. • http://packetstormsecurity.com/files/146033/CMS-Made-Simple-2.2.5-Persistent-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2018/Jan/80 https://kyawminthein901497298.wordpress.com/2018/01/22/the-journey-begins • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1000454
https://notcve.org/view.php?id=CVE-2017-1000454
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 CMS Made Simple 2.1.6, 2.2 y 2.2.1 es vulnerable a una inyección de plantillas de Smarty en algunos componentes centrales. Esto resulta en la lectura de archivos locales en versiones anteriores a la 2.2 y en la inclusión de archivos locales desde la versión 2.2.1. • https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1000453
https://notcve.org/view.php?id=CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. CMS Made Simple, en sus versiones 2.1.6 y 2.2, es vulnerable a una inyección de plantillas de Smarty en algunos módulos centrales. Esto resulta en la ejecución de código PHP sin autenticación. • https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17735
https://notcve.org/view.php?id=CVE-2017-17735
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. CMS Made Simple (CMSMS) en versiones anteriores a la 2.2.5 no almacena en caché correctamente la información de inicio de sesión en las cookies. • https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737 https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •