12567 |
Security issue caused by using older versions of Smarty |
2022-10-21 |
Critical |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
z |
12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
11021 |
block replacement does not allow to "overwrite" a content block |
2016-05-08 |
Major |
2.1.3 |
Accepted |
Open |
Nobody |
Ludger Merkens |
11674 |
Async processsing not robust |
2017-12-14 |
Major |
|
None |
Open |
Nobody |
tom |
11969 |
File Picker Window Does Not Close |
2019-02-06 |
Major |
2.2.9.1 |
None |
Open |
Nobody |
Oliver Coningham |
12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
12535 |
File Manager Unpack archive .tar.gz |
2022-04-13 |
Major |
2.2.16 |
Accepted |
Open |
tom |
Jean-Claude Etiemble |
12572 |
Prototype Pollution |
2022-11-04 |
Major |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
pranshu |
12587 |
can't uninstall modules running php 8.1 |
2022-12-12 |
Major |
2.2.16 |
Accepted |
Open |
CMS Made Simple Foundation |
Ludger Merkens |
12634 |
MenuManager core module is incompatible with PHP 8.1 |
2023-07-25 |
Major |
2.2.17 |
Accepted |
Open |
Nobody |
Jean-François S. |
12652 |
Admin/Tags PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12653 |
Admin/News PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12727 |
Search Module causes error |
2024-06-11 |
Major |
2.2.21 |
Fixed |
Open |
Chris Taylor |
Darren Kierman |
12749 |
Saving an UDT execute the code |
2024-08-27 |
Major |
2.2.21 |
Accepted |
Open |
Fernando Morgado |
Finn Lovenkrands |
8208 |
cms_index_module_templates_by_module_name_template_name too long in utf8 |
2012-08-03 |
Minor |
1.11 |
Accepted |
Open |
Robert Campbell |
Not public |
9640 |
content_image does not work when both block and id parameters are given |
2013-11-02 |
Minor |
1.11.9 |
None |
Open |
Nobody |
Martijn de Milliano |
9958 |
Cannot delete template associated to internal page link |
2014-04-16 |
Minor |
1.11.10 |
Accepted |
Open |
Nobody |
Steven Mortimer |
10500 |
session security check incomplete |
2015-04-23 |
Minor |
1.11.13 |
None |
Open |
Nobody |
Fred Polizo |
10574 |
Can't set string 'default' for default value in method.install.php. |
2015-07-03 |
Minor |
1.12 |
Accepted |
Open |
Nobody |
Karelin |
11440 |
Invalid path in global settings causes fatal error in FilePicker |
2017-06-27 |
Minor |
2.2.1 |
Accepted |
Open |
Nobody |
stephen cooper |
11590 |
Admintheme Module Actions Show in Menu |
2017-10-02 |
Minor |
2.2.3.1 |
None |
Open |
Nobody |
Krisztian Kishazi |
11627 |
Exporting/importing designs changes Smarty comments containing the word 'Navigator' |
2017-11-02 |
Minor |
2.2.3.1 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
11700 |
Exporting/importing designs changes CGSimpleSmarty call in Navigator template |
2018-01-16 |
Minor |
|
None |
Open |
Nobody |
Dorothée DV |