| 12205 |
Array and string offset access syntax with curly braces is deprecated |
2019-12-09 |
Trivial |
2.3-beta7 |
None |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12204 |
Deprecated glue string |
2019-12-09 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
| 12172 |
CronJobTrait undefined constants |
2019-10-18 |
Minor |
2.2.12 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12158 |
Navigator item prop has_children is always true when there is children |
2019-09-25 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Tomas Amsrud |
| 12156 |
Warnings using php 7.3 |
2019-09-21 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12094 |
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple |
2019-08-06 |
Minor |
2.2.10 |
None |
Open |
Nobody |
feioklucy |
| 12059 |
[BETA] PHP Parse error |
2019-06-29 |
None |
2.3-beta1 |
None |
Open |
Nobody |
|
| 12048 |
The simple dropdown version of parent selector in the "Navigation" tab of "Edit Content Page" does not update the field |
2019-06-01 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Sašo Živanović |
| 12022 |
Cross-site Scripting vulnerability in CMS Made Simple |
2019-04-19 |
Trivial |
2.2.10 |
Accepted |
Open |
Nobody |
Binit Ghimire |
| 12019 |
JobManager delete_jobs_by_module bug |
2019-04-10 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12018 |
PHP 7.3 Warning - "continue" targeting switch is equivalent to "break" |
2019-04-06 |
Minor |
2.2.10 |
Fixed |
Open |
Nobody |
|
| 12004 |
Stored Cross-site Scripting in Site Admin Settings - News module |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12003 |
Self-XSS vulnerability via My Account on CMSMS 2.2.10 |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12001 |
Stored Cross-site Scripting in CMS Made Simple - File picker feature |
2019-03-24 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 11969 |
File Picker Window Does Not Close |
2019-02-06 |
Major |
2.2.9.1 |
None |
Open |
Nobody |
Oliver Coningham |
| 11963 |
Pages tabindex do not output with navigator and some errors in online documentation |
2019-02-02 |
Minor |
2.2.9 |
None |
Open |
Robert Campbell |
Philippe Thomas |
| 11955 |
admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file |
2019-01-24 |
Minor |
2.2.9 |
Fixed |
Open |
Robert Campbell |
Philippe Thomas |
| 11933 |
login screen on content editor/filepicker after switching users |
2018-12-04 |
None |
2.2.8 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 11914 |
Bundled versions of smarty and PHPMailer contain security vulnerabilities |
2018-10-21 |
Minor |
2.2.8 |
Fixed |
Open |
Nobody |
Michael Orlitzky |
| 11880 |
content_image tag should accept empty value for alt parameter |
2018-08-30 |
Trivial |
2.2.8 |
Fixed |
Open |
Nobody |
Ruud van der Velden |
| 11876 |
class.CmsLayoutTemplateQuery.php not implemented as documented + query fatal error on unimplemented filters |
2018-08-22 |
Major |
2.2.8 |
Fixed |
Open |
Nobody |
Deleted User |
| 11831 |
Filepicker profile path issue when root_url defined in config |
2018-06-05 |
None |
2.2.7 |
Accepted |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 11807 |
UserOperations::IsSuperuser() calls UserOperations::GetMemberGroups() incorrectly |
2018-05-01 |
Minor |
2.2.7 |
Fixed |
Open |
Nobody |
Chris |
