CVE-2017-7256
https://notcve.org/view.php?id=CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" característica a través del parámetro m1_summary. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7255
https://notcve.org/view.php?id=CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_title. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7257
https://notcve.org/view.php?id=CVE-2017-7257
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. XSS existe en la característica CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" a través del parámetro m1_content. Alguien debe iniciar sesión para realizar el ataque. • http://www.03i0.com/index.php/archives/113 http://www.securityfocus.com/bid/97205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6556
https://notcve.org/view.php?id=CVE-2017-6556
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. Vulnerabilidad de XSS en CMS Made Simple (CMSMS) 2.1.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo "adminpage > sitesetting > General Settings > globalmetadata". • http://www.daimacn.com/?id=8 http://www.securityfocus.com/bid/96933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-6555
https://notcve.org/view.php?id=CVE-2017-6555
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). Vulnerabilidad de XSS en /admin/moduleinterface.php en CMS Made Simple 2.1.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro m1_description (vulnerabilidad también conocida como "Design Manager > Categories > Category Description"). • http://www.daimacn.com/?id=7 http://www.securityfocus.com/bid/96933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •