CVSS: 7.2EPSS: 5%CPEs: 1EXPL: 1CVE-2017-8912 – CMS Made Simple 2.1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-8912
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. ** EN DISPUTA** CMS Made Simple (CMSMS) 2.1.6 permite a los administradores autenticados remotos ejecutar código PHP arbitrario a través del parámetro de código admin/editusertag.php, relativo a las funciones CreateTagFunction y CallUserTag. NOTA: el vendedor ha declarado que esto es "una característica, no un error". • https://www.exploit-db.com/exploits/41997 https://osandamalith.com/2017/05/11/cmsms-2-1-6-multiple-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7257
https://notcve.org/view.php?id=CVE-2017-7257
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_content. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7256
https://notcve.org/view.php?id=CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" característica a través del parámetro m1_summary. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7255
https://notcve.org/view.php?id=CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_title. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6555
https://notcve.org/view.php?id=CVE-2017-6555
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). Vulnerabilidad de XSS en /admin/moduleinterface.php en CMS Made Simple 2.1.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro m1_description (vulnerabilidad también conocida como "Design Manager > Categories > Category Description"). • http://www.daimacn.com/?id=7 http://www.securityfocus.com/bid/96933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •