NotCVE - vendor:"Cmsmadesimple" product:"Cms Made Simple" version:"

Page 9 of 83 results (0.007 seconds)

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3

CVE-2017-16783 – CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection

https://notcve.org/view.php?id=CVE-2017-16783

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. En CMS Made Simple 2.1.6, existe inyección de plantillas del lado del servidor mediante el parámetro cntnt01detailtemplate. CMS Made Simple version 2.1.6 suffers from a server-side template injection vulnerability. • https://www.exploit-db.com/exploits/48944 http://packetstormsecurity.com/files/159690/CMS-Made-Simple-2.1.6-Server-Side-Template-Injection.html https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16784

https://notcve.org/view.php?id=CVE-2017-16784

In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. En CMS Made Simple 2.2.2, existe Cross-Site Scripting (XSS) reflejado mediante el parámetro cntnt01detailtemplate. • https://www.netsparker.com/web-applications-advisories/ns-17-031-reflected-xss-vulnerability-in-cms-made-simple • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11405

https://notcve.org/view.php?id=CVE-2017-11405

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción CMSContentManager en el archivo admin/moduleinterface.php, seguido por una acción FilePicker en el archivo admin/moduleinterface.php en la que type=image es cambiada a type=file. • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/filepickerimages/FilePicker_upload_vulnerability.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-11404

https://notcve.org/view.php?id=CVE-2017-11404

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. En CMS Made Simple (CMSMS) versión 2.2.2, los administradores autenticados remotos pueden cargar un archivo .php por medio de una acción FileManager en el archivo admin/moduleinterface.php. • http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9668

https://notcve.org/view.php?id=CVE-2017-9668

In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. En admin\addgroup.php en el gestor de contenidos Made Simple 2.1.6, cuando se añade un nuevo grupo no filtra el XSS resultando en la generación de un Storage-type XSS, mediante el parametro de descripción en la acción de añadir grupo. • https://github.com/XiaoZhis/ProjectSend/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...7 8 9 10 11