Cms made simple
This hub aggregates every CVE we track for Cms made simple, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
156
CVEs tracked
9
Critical
42
High
0
In CISA KEV
Severity distribution
MEDIUM99HIGH42CRITICAL9LOW6
Monthly trend
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
1
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Cms made simple.
- CVE-2020-37238CMS Made Simple 2.2.15 Stored XSS via SVG File Upload6.4
- CVE-2025-5153CMS Made Simple Design Manager Module cross site scripting3.5
- CVE-2024-1529Cross-site Scripting in CMS Made Simple7.4
- CVE-2024-1528Cross-site Scripting in CMS Made Simple7.4
- CVE-2024-1527Unrestricted Upload of File with Dangerous Type in CMS Made Simple9.8
- CVE-2024-27622A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-...7.2
- CVE-2024-27625CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequat...4.8
- CVE-2024-27623CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.5.9
- CVE-2023-43352An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.7.8
- CVE-2023-43360Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.5.4
- CVE-2023-43358Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.5.4
- CVE-2023-43356Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu com...5.4
- CVE-2023-43353Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.5.4
- CVE-2023-43357Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.5.4
- CVE-2023-43355Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferenc...5.4
Product normalization is registry-driven with AI assist and human review. How it works