CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43352
https://notcve.org/view.php?id=CVE-2023-43352
26 Oct 2023 — An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. Un problema en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado en el componente Content Manager Menu. • https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43360
https://notcve.org/view.php?id=CVE-2023-43360
24 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. Una vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Top Directory en el componente File Picker Menu. • https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43358
https://notcve.org/view.php?id=CVE-2023-43358
23 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Título en el componente Menú de noticias. • https://github.com/sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43356
https://notcve.org/view.php?id=CVE-2023-43356
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para el parámetro Global Meatadata en el componente del Global Settings Menu. • https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43357
https://notcve.org/view.php?id=CVE-2023-43357
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Title en el componente Manage Shortcuts. • https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43353
https://notcve.org/view.php?id=CVE-2023-43353
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para el parámetro adicional en el componente del menú de noticias. • https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43354
https://notcve.org/view.php?id=CVE-2023-43354
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. Vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en el parámetro Profiles en el componente del editor Extensions -MicroTiny WYSIWYG. • https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43355
https://notcve.org/view.php?id=CVE-2023-43355
20 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. La vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para los parámetros contraseña y contraseña nuevamente en My Preferences - Add user. • https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43359
https://notcve.org/view.php?id=CVE-2023-43359
19 Oct 2023 — Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component. La vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar código arbitrario a través de un script manipulado para los parámetros de datos Smarty y metadatos específicos de la página en el componente del Menú del Administrador de Co... • https://github.com/sromanhu/CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43872
https://notcve.org/view.php?id=CVE-2023-43872
28 Sep 2023 — A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Vulnerabilidad de carga de archivos en CMSmadesimple v.2.2.18 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto. • https://github.com/sromanhu/CVE-2023-43872-CMSmadesimple-Arbitrary-File-Upload--XSS---File-Manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •