Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.17:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-36970 |
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. Published: July 06, 2023; 11:15:16 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-36969 |
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. Published: July 06, 2023; 11:15:15 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2017-1000454 |
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 Published: January 02, 2018; 12:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-1000453 |
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. Published: January 02, 2018; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-0334 |
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092. Published: March 02, 2014; 12:55:02 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2007-5056 |
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. Published: September 24, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |