Show filters
150 Total Results
Displaying 111-120 of 150
Sort by:
Attacker Value
Unknown

CVE-2017-7255

Disclosure Date: March 24, 2017 (last updated February 15, 2024)
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
0
0
Attacker Value
Unknown

CVE-2017-7257

Disclosure Date: March 24, 2017 (last updated February 15, 2024)
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
0
0
Attacker Value
Unknown

CVE-2017-6555

Disclosure Date: March 09, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
0
0
Attacker Value
Unknown

CVE-2017-6556

Disclosure Date: March 09, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
0
0
Attacker Value
Unknown

CVE-2017-6070

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
0
0
Attacker Value
Unknown

CVE-2017-6072

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
0
0
Attacker Value
Unknown

CVE-2017-6071

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-7904

Disclosure Date: January 16, 2017 (last updated November 25, 2024)
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
0
0
Attacker Value
Unknown

CVE-2016-2784

Disclosure Date: May 26, 2016 (last updated November 25, 2024)
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
0
0
Attacker Value
Unknown

CVE-2014-2245

Disclosure Date: March 05, 2014 (last updated October 05, 2023)
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
0
0
View More Topics  < Previous  Next >