CMS Made Simple CMS Made Simple

Do you want an email whenever new security vulnerabilities are reported in any CMS Made Simple product?

Products by CMS Made Simple Sorted by Most Security Vulnerabilities since 2018

CMS Made Simple97 vulnerabilities

CMS Made Simple Bable1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in CMS Made Simple . Last year CMS Made Simple had 15 security vulnerabilities published. Right now, CMS Made Simple is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 15 6.18
2022 4 7.05
2021 16 5.38
2020 6 5.82
2019 19 6.59
2018 34 6.49

It may take a day or so for new CMS Made Simple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent CMS Made Simple Security Vulnerabilities

An issue in CMSmadesimple v.2.2.18

CVE-2023-43352 7.8 - High - October 26, 2023

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43360 5.4 - Medium - October 25, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43358 5.4 - Medium - October 23, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43354 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43355 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43356 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43357 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43353 5.4 - Medium - October 20, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.

XSS

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43359 5.4 - Medium - October 19, 2023

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.

XSS

A File upload vulnerability in CMSmadesimple v.2.2.18

CVE-2023-43872 5.4 - Medium - September 28, 2023

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).

XSS

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18

CVE-2023-43339 6.1 - Medium - September 25, 2023

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.

XSS

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17

CVE-2023-36970 5.4 - Medium - July 06, 2023

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.

XSS

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution

CVE-2023-36969 8.8 - High - July 06, 2023

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.

Unrestricted File Upload

SQL Injection vulnerability in CMS Made Simple through 2.2.15

CVE-2021-28999 8.8 - High - May 08, 2023

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.

SQL Injection

File upload vulnerability in CMS Made Simple through 2.2.15

CVE-2021-28998 7.2 - High - May 08, 2023

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.

Unrestricted File Upload

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php

CVE-2021-40961 8.8 - High - June 09, 2022

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

SQL Injection

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15

CVE-2021-43154 6.1 - Medium - April 13, 2022

Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.

XSS

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability

CVE-2022-23907 6.1 - Medium - February 28, 2022

CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.

XSS

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function

CVE-2022-23906 7.2 - High - February 28, 2022

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.

Unrestricted File Upload

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which

CVE-2020-23481 5.4 - Medium - September 22, 2021

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.