Cmsmadesimple » Cms Made Simple : Security Vulnerabilities, CVEs, (XSS) CVSS score >= 2
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-09-28
Updated
2023-10-30
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
Max CVSS
5.4
EPSS Score
N/A
Published
2023-10-25
Updated
2023-10-30
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-19
Updated
2023-10-30
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-23
Updated
2023-10-30
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-20
Updated
2023-10-25
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-20
Updated
2023-10-25
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-20
Updated
2023-10-25
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-20
Updated
2023-10-25
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-20
Updated
2023-10-25
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
Max CVSS
6.1
EPSS Score
0.09%
Published
2023-09-25
Updated
2023-11-08
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-06
Updated
2023-07-11
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-02-28
Updated
2022-03-08
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-04-13
Updated
2022-04-21
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
Max CVSS
5.4
EPSS Score
0.10%
Published
2021-03-30
Updated
2021-06-04
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL (slug)" or "Extra" fields under the "Add Article" feature.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Path for the {page_image} tag:" or "Path for thumbnail field:" parameters under the "Content Editing Settings" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-07-02
Updated
2021-07-06