cmsmadesimple

158 tracked vulnerabilities.

CVE-2025-63678 HIGH
CMS Made Simple Foundation File Manager <2.2.22 - RCE
Nov 10, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-5153 LOW
CMS Made Simple 2.2.21 - Cross-Site Scripting in Design Manager Module
May 25, 2025
CVSS 3.5
EPSS 0.00
CVE-2024-1529 HIGH
CMS Made Simple 2.2.14 - Cross-Site Scripting via /admin/adduser.php Parameters
Mar 12, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-1528 HIGH
CMS Made Simple 2.2.14 - Cross-Site Scripting via admin/moduleinterface.php Parameters
Mar 12, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-1527 CRITICAL
CMS Made Simple 2.2.14 - Authenticated Unrestricted File Upload and Remote Code Execution
Mar 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-27625 MEDIUM
CMS Made Simple 2.2.19 - Stored Cross-Site Scripting in File Manager New Directory Field
Mar 05, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-27623 MEDIUM
CMS Made Simple 2.2.19 - Server-Side Template Injection in Design Manager Breadcrumbs
Mar 05, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-27622 HIGH
CMS Made Simple <2.2.19/2.2.21 - RCE
Mar 05, 2024
CVSS 7.2
EPSS 0.05
CVE-2023-43352 HIGH
CMS Made Simple 2.2.18 - Server-Side Template Injection via Content Manager Menu
Oct 26, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-43360 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via File Picker Top Directory Parameter
Oct 25, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43358 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Title Parameter
Oct 23, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43357 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Manage Shortcuts Title Parameter
Oct 20, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43356 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in Global Metadata Parameter
Oct 20, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43355 MEDIUM
CMS Made Simple 2.2.18 - Cross-Site Scripting via My Preferences Add User Password Parameters
Oct 20, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-43354 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in MicroTiny WYSIWYG Editor Profiles Parameter
Oct 20, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43353 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Extra Parameter
Oct 20, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43359 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Page Specific Metadata and Smarty Data Parameters
Oct 19, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-43872 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via PDF File Upload
Sep 28, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-43339 MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Database Configuration Parameters
Sep 25, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-36970 MEDIUM
CMS Made Simple 2.2.17 - Authenticated Stored Cross-Site Scripting via File Upload
Jul 06, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-36969 HIGH
CMS Made Simple 2.2.17 - Authenticated Remote Code Execution via File Upload
Jul 06, 2023
CVSS 8.8
EPSS 0.72
CVE-2022-23907 MEDIUM
CMS Made Simple 2.2.15 - Reflected Cross-Site Scripting via m1_fmmessage Parameter
Feb 28, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-23906 HIGH
CMS Made Simple 2.2.15 - Remote Code Execution via Avatar Upload
Feb 28, 2022
CVSS 7.2
EPSS 0.06
CVE-2021-28999 HIGH
CMS Made Simple <= 2.2.15 - SQL Injection via m1_sortby Parameter
May 08, 2023
CVSS 8.8
EPSS 0.01
CVE-2021-28998 HIGH
CMS Made Simple <= 2.2.15 - Authenticated Arbitrary File Upload via PHAR File
May 08, 2023
CVSS 7.2
EPSS 0.01
Products
cms_made_simple 154 form_builder 3 CMS Made Simple 1 bable\ 1 cmsmadesimple 1 file_manager 1
Quick Filters
Critical CVEs With Exploits In CISA KEV