CMS Made Simple
Products by CMS Made Simple Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in CMS Made Simple . Last year CMS Made Simple had 15 security vulnerabilities published. Right now, CMS Made Simple is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 15 | 6.18 |
2022 | 4 | 7.05 |
2021 | 16 | 5.38 |
2020 | 6 | 5.82 |
2019 | 19 | 6.59 |
2018 | 34 | 6.49 |
It may take a day or so for new CMS Made Simple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent CMS Made Simple Security Vulnerabilities
An issue in CMSmadesimple v.2.2.18
CVE-2023-43352
7.8 - High
- October 26, 2023
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43360
5.4 - Medium
- October 25, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43358
5.4 - Medium
- October 23, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43354
5.4 - Medium
- October 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43355
5.4 - Medium
- October 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43356
5.4 - Medium
- October 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43357
5.4 - Medium
- October 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43353
5.4 - Medium
- October 20, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43359
5.4 - Medium
- October 19, 2023
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
XSS
A File upload vulnerability in CMSmadesimple v.2.2.18
CVE-2023-43872
5.4 - Medium
- September 28, 2023
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
XSS
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18
CVE-2023-43339
6.1 - Medium
- September 25, 2023
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
XSS
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17
CVE-2023-36970
5.4 - Medium
- July 06, 2023
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.
XSS
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution
CVE-2023-36969
8.8 - High
- July 06, 2023
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.
Unrestricted File Upload
SQL Injection vulnerability in CMS Made Simple through 2.2.15
CVE-2021-28999
8.8 - High
- May 08, 2023
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
SQL Injection
File upload vulnerability in CMS Made Simple through 2.2.15
CVE-2021-28998
7.2 - High
- May 08, 2023
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Unrestricted File Upload
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php
CVE-2021-40961
8.8 - High
- June 09, 2022
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
SQL Injection
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15
CVE-2021-43154
6.1 - Medium
- April 13, 2022
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
XSS
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability
CVE-2022-23907
6.1 - Medium
- February 28, 2022
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
XSS
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function
CVE-2022-23906
7.2 - High
- February 28, 2022
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Unrestricted File Upload
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which
CVE-2020-23481
5.4 - Medium
- September 22, 2021
CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field.
XSS