Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / cmsmadesimple

cmsmadesimple

158 tracked vulnerabilities.

CVE-2020-10681 MEDIUM

CMS Made Simple 2.2.13 - Stored XSS

CVE-2019-9060 HIGH

CMS Made Simple 2.2.8 - Unauthenticated Path Traversal and Arbitrary File Read via CGExtensions Module

CVE-2019-17630 MEDIUM

CMS Made Simple 2.2.11 - Stored Cross-Site Scripting via News Article Image Filename

CVE-2019-17629 MEDIUM

CMS Made Simple 2.2.11 - Stored Cross-Site Scripting via Image Filename Upload

CVE-2019-17226 MEDIUM

CMS Made Simple 2.2.11 - Stored Cross-Site Scripting via Module Manager Search Term Field

CVE-2019-1010290 MEDIUM NUCLEI

Babel All - Open Redirect

CVE-2019-11226 MEDIUM

CMS Made Simple 2.2.10 - Stored Cross-Site Scripting via m1_name Parameter

CVE-2019-11513 MEDIUM

CMS Made Simple < 2.2.10 - Reflected Cross-Site Scripting via File Manager Rename Action

CVE-2019-9056 HIGH

CMS Made Simple 2.2.8 - Authenticated Object Injection via FrontEndUsers Module

CVE-2019-10107 MEDIUM

CMS Made Simple 2.2.10 - Stored Cross-Site Scripting via My Account Email Address Field

CVE-2019-10106 MEDIUM

CMS Made Simple 2.2.10 - Stored Cross-Site Scripting via News Module Category Name Field

CVE-2019-10105 MEDIUM

CMS Made Simple 2.2.10 - Stored Cross-Site Scripting in Layout Design Manager Name Field

CVE-2019-9061 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via Module Installation

CVE-2019-9059 HIGH

CMS Made Simple < 2.2.8 - Authenticated Command Injection via Mail Settings

CVE-2019-9058 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via sel_groups Parameter

CVE-2019-9057 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via FilePicker Module

CVE-2019-9055 HIGH

CMS Made Simple < 2.2.8 - Authenticated Remote Code Execution via m1_allparms Deserialization

CVE-2019-9053 HIGH

CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter

CVE-2019-10017 MEDIUM

CMS Made Simple 2.2.10 - Stored Cross-Site Scripting via File Picker Name Field

CVE-2019-9693 HIGH

CMS Made Simple < 2.2.10 - Authenticated SQL Injection via show_id and picture_id Parameters

CVE-2019-9692 MEDIUM

CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass

CVE-2018-20464 MEDIUM

CMS Made Simple 2.2.8 - Reflected Cross-Site Scripting in Admin MyAccount Page

CVE-2018-19597 MEDIUM

CMS Made Simple 2.2.8 - Stored Cross-Site Scripting via SVG Upload

CVE-2018-18271 MEDIUM

CMS Made Simple 2.2.7 - Cross-Site Scripting via m1_extra Parameter

CVE-2018-18270 MEDIUM

CMS Made Simple 2.2.7 - Stored Cross-Site Scripting via m1_news_url Parameter

Previous Page 3 of 7 Next

Products

cms_made_simple 154 form_builder 3 CMS Made Simple 1 bable\ 1 cmsmadesimple 1 file_manager 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy