cmsmadesimple

Top products

The 15 most recently published vulnerabilities affecting cmsmadesimple.

• CVE-2020-37238CMS Made Simple 2.2.15 Stored XSS via SVG File Upload6.4May 16, 2026
• CVE-2025-63678An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary...7.2Nov 10, 2025
• CVE-2025-5153CMS Made Simple Design Manager Module cross site scripting3.5May 25, 2025
• CVE-2024-1529Cross-site Scripting in CMS Made Simple7.4Mar 12, 2024
• CVE-2024-1528Cross-site Scripting in CMS Made Simple7.4Mar 12, 2024
• CVE-2024-1527Unrestricted Upload of File with Dangerous Type in CMS Made Simple9.8Mar 12, 2024
• CVE-2024-27625CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequat...4.8Mar 5, 2024
• CVE-2024-27623CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.5.9Mar 5, 2024
• CVE-2024-27622A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-...7.2Mar 5, 2024
• CVE-2023-43352An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.7.8Oct 26, 2023
• CVE-2023-43360Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.5.4Oct 24, 2023
• CVE-2023-43358Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.5.4Oct 23, 2023
• CVE-2023-43357Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.5.4Oct 20, 2023
• CVE-2023-43356Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu com...5.4Oct 20, 2023
• CVE-2023-43355Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferenc...5.4Oct 20, 2023