| 12523 |
Uninstall module error. PHP8 |
2022-01-27 |
Critical |
2.2.16 |
None |
Open |
Fernando Morgado |
Yuri Haperski |
| 12522 |
several files core correction |
2022-01-27 |
Minor |
2.2.16 |
None |
Open |
Fernando Morgado |
Philippe Thomas |
| 12520 |
Built-in {anchor} tag not working on News module pages |
2022-01-26 |
Major |
2.2.16 |
None |
Open |
Nobody |
|
| 12506 |
Not optimal a database query |
2021-12-20 |
Minor |
2.2.15 |
None |
Open |
Fernando Morgado |
Yuri Haperski |
| 12503 |
A Reflected cross-site scripting (XSS) in 'm1_fmmessage' parameter |
2021-12-09 |
Minor |
2.1.5 |
None |
Open |
CMS Made Simple Foundation |
fuzzyap1 |
| 12502 |
A Remote Command Execution vulnerability on the background in CMS Made Simple 2.2.15 |
2021-12-09 |
Critical |
2.1.5 |
None |
Open |
CMS Made Simple Foundation |
fuzzyap1 |
| 12499 |
adminlog.tpl Wrongly formed date |
2021-11-30 |
Trivial |
|
Fixed |
Open |
Ruud van der Velden |
Jean-Claude Etiemble |
| 12498 |
Page Copy in ContentManager enforces Default Values (overwriting actual values) |
2021-11-24 |
Minor |
|
Awaiting Response |
Open |
Nobody |
Ludger Merkens |
| 12484 |
Cannot exit after Run UDT |
2021-10-07 |
Trivial |
2.2.15 |
Fixed |
Open |
Nobody |
Mario S (rotezecke) |
| 12477 |
class.cms_config |
2021-09-22 |
Major |
2.1.5 |
Invalid |
Open |
Nobody |
Brian O'Kelly |
| 12474 |
Taking the default page down by accident through the content type |
2021-09-09 |
Minor |
2.1.5 |
Accepted |
Open |
Nobody |
Michael Smith |
| 12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
| 12457 |
Event Manager empty list when mysql mode only_full_group_by |
2021-05-27 |
Major |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
| 12456 |
Navigator breadcrumbs with default page hidden from menu causes php notice |
2021-05-25 |
Minor |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
| 12443 |
Admin Search fails on some searches with default mysql mode only_full_group_by (mysql 5.7.5+) |
2021-04-24 |
None |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Matt Hornsby (DIGI3) |
| 12437 |
Installer won't allow "<" symbol in database password |
2021-04-09 |
Minor |
2.2.15 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12435 |
Replacing an image file in filepicker doesn't update thumbnail |
2021-04-02 |
None |
|
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12432 |
Reflected XSS in /admin/addbookmark.php |
2021-03-18 |
Minor |
2.2.15 |
Accepted |
Open |
CMS Made Simple Foundation |
Humberto Junior |
| 12419 |
Module dependency fails if module is uninstalled |
2021-02-23 |
None |
2.2.15 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12393 |
XSS via SVG file upload |
2020-12-04 |
Major |
2.2.15 |
Won't Fix |
Open |
Nobody |
Eshan Singh |
| 12392 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.15 |
2020-12-04 |
Minor |
2.1.5 |
Won't Fix |
Open |
Nobody |
Vu Tien Hoa |
| 12370 |
Admin Log-Download |
2020-09-25 |
Trivial |
|
Fixed |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
| 12361 |
Wrong current menu entry in admin after submitting backend group permissions |
2020-09-01 |
Trivial |
2.2.14 |
Accepted |
Open |
Fernando Morgado |
Franck |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
