12567 |
Security issue caused by using older versions of Smarty |
2022-10-21 |
Critical |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
z |
12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
11021 |
block replacement does not allow to "overwrite" a content block |
2016-05-08 |
Major |
2.1.3 |
Accepted |
Open |
Nobody |
Ludger Merkens |
11626 |
FrontEnd editing with MicroTiny requires permissive_smarty=1 |
2017-11-01 |
Major |
2.2.3.1 |
Fixed |
Open |
Robert Campbell |
Jack Skiba |
11674 |
Async processsing not robust |
2017-12-14 |
Major |
|
Fixed |
Open |
Nobody |
tom |
11876 |
class.CmsLayoutTemplateQuery.php not implemented as documented + query fatal error on unimplemented filters |
2018-08-22 |
Major |
2.2.8 |
Fixed |
Open |
Nobody |
Deleted User |
11969 |
File Picker Window Does Not Close |
2019-02-06 |
Major |
2.2.9.1 |
None |
Open |
Nobody |
Oliver Coningham |
12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
12393 |
XSS via SVG file upload |
2020-12-04 |
Major |
2.2.15 |
Won't Fix |
Open |
Nobody |
Eshan Singh |
12457 |
Event Manager empty list when mysql mode only_full_group_by |
2021-05-27 |
Major |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
12477 |
class.cms_config |
2021-09-22 |
Major |
2.1.5 |
Invalid |
Open |
Nobody |
Brian O'Kelly |
12535 |
File Manager Unpack archive .tar.gz |
2022-04-13 |
Major |
2.2.16 |
Accepted |
Open |
tom |
Jean-Claude Etiemble |
12572 |
Prototype Pollution |
2022-11-04 |
Major |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
pranshu |
12587 |
can't uninstall modules running php 8.1 |
2022-12-12 |
Major |
2.2.16 |
Accepted |
Open |
CMS Made Simple Foundation |
Ludger Merkens |
12634 |
MenuManager core module is incompatible with PHP 8.1 |
2023-07-25 |
Major |
2.2.17 |
Accepted |
Open |
Nobody |
Jean-François S. |
12635 |
Apply button is shown for non-existing page and creates new pages |
2023-07-28 |
Major |
|
Fixed |
Open |
Fernando Morgado |
Daniel Brito |
12651 |
Stored Cross Site Scripting in CMS Made Simple - Admin Console |
2023-10-04 |
Major |
2.2.18 |
None |
Open |
CMS Made Simple Foundation |
Sahil Ojha |
12652 |
Admin/Tags PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12653 |
Admin/News PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12654 |
Admin/Settings PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12703 |
Version 2.2.19 : a syntax error in a udt blocks cmsmadesimple definitivly , error in class.usertagoperations.inc.php |
2024-04-03 |
Major |
2.2.18 |
Fixed |
Open |
Nobody |
Raymond FETIVEAU |
12565 |
debug mode causes fatal error in PHP 8 |
2022-10-10 |
Minor |
2.2.16 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |