| 12361 |
Wrong current menu entry in admin after submitting backend group permissions |
2020-09-01 |
Trivial |
2.2.14 |
Accepted |
Open |
Fernando Morgado |
Franck |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12094 |
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple |
2019-08-06 |
Minor |
2.2.10 |
None |
Open |
Nobody |
feioklucy |
| 12059 |
[BETA] PHP Parse error |
2019-06-29 |
None |
2.3-beta1 |
None |
Open |
Nobody |
|
| 12048 |
The simple dropdown version of parent selector in the "Navigation" tab of "Edit Content Page" does not update the field |
2019-06-01 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Sašo Živanović |
| 12022 |
Cross-site Scripting vulnerability in CMS Made Simple |
2019-04-19 |
Trivial |
2.2.10 |
Accepted |
Open |
Nobody |
Binit Ghimire |
| 12019 |
JobManager delete_jobs_by_module bug |
2019-04-10 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Chris Taylor |
| 12004 |
Stored Cross-site Scripting in Site Admin Settings - News module |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12003 |
Self-XSS vulnerability via My Account on CMSMS 2.2.10 |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12001 |
Stored Cross-site Scripting in CMS Made Simple - File picker feature |
2019-03-24 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 11969 |
File Picker Window Does Not Close |
2019-02-06 |
Major |
2.2.9.1 |
None |
Open |
Nobody |
Oliver Coningham |
| 11963 |
Pages tabindex do not output with navigator and some errors in online documentation |
2019-02-02 |
Minor |
2.2.9 |
None |
Open |
Robert Campbell |
Philippe Thomas |
| 11955 |
admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file |
2019-01-24 |
Minor |
2.2.9 |
Fixed |
Open |
Robert Campbell |
Philippe Thomas |
| 11914 |
Bundled versions of smarty and PHPMailer contain security vulnerabilities |
2018-10-21 |
Minor |
2.2.8 |
Fixed |
Open |
Nobody |
Michael Orlitzky |
| 11880 |
content_image tag should accept empty value for alt parameter |
2018-08-30 |
Trivial |
2.2.8 |
Fixed |
Open |
Nobody |
Ruud van der Velden |
| 11831 |
Filepicker profile path issue when root_url defined in config |
2018-06-05 |
None |
2.2.7 |
Accepted |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 11700 |
Exporting/importing designs changes CGSimpleSmarty call in Navigator template |
2018-01-16 |
Minor |
|
None |
Open |
Nobody |
Dorothée DV |
| 11674 |
Async processsing not robust |
2017-12-14 |
Major |
|
None |
Open |
Nobody |
tom |
| 11627 |
Exporting/importing designs changes Smarty comments containing the word 'Navigator' |
2017-11-02 |
Minor |
2.2.3.1 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 11590 |
Admintheme Module Actions Show in Menu |
2017-10-02 |
Minor |
2.2.3.1 |
None |
Open |
Nobody |
Krisztian Kishazi |
| 11568 |
OneEleven sets background color for input fields without setting text color |
2017-09-12 |
Trivial |
2.2.3.1 |
None |
Open |
Nobody |
Rimas Kudelis |
| 11440 |
Invalid path in global settings causes fatal error in FilePicker |
2017-06-27 |
Minor |
2.2.1 |
Accepted |
Open |
Nobody |
stephen cooper |
| 11421 |
Admin Log "Upgraded module FrontEndUsers to version" mistakenly displays version upgraded from. |
2017-06-22 |
Trivial |
2.2.1 |
None |
Open |
Nobody |
Tristan |
