CVE-2020-37238
- EPSS 0.24%
- Veröffentlicht 16.05.2026 15:25:54
- Zuletzt bearbeitet 18.05.2026 17:26:40
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScrip...
CVE-2026-5203
- EPSS 0.32%
- Veröffentlicht 31.03.2026 15:45:08
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in...
CVE-2026-4225
- EPSS 0.21%
- Veröffentlicht 16.03.2026 07:32:07
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scri...
CVE-2025-5153
- EPSS 0.29%
- Veröffentlicht 25.05.2025 17:31:04
- Zuletzt bearbeitet 03.06.2025 12:57:15
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site script...
CVE-2017-16799
- EPSS 0.49%
- Veröffentlicht 12.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.