| 12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
| 12457 |
Event Manager empty list when mysql mode only_full_group_by |
2021-05-27 |
Major |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
| 12456 |
Navigator breadcrumbs with default page hidden from menu causes php notice |
2021-05-25 |
Minor |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
| 12443 |
Admin Search fails on some searches with default mysql mode only_full_group_by (mysql 5.7.5+) |
2021-04-24 |
None |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Matt Hornsby (DIGI3) |
| 12437 |
Installer won't allow "<" symbol in database password |
2021-04-09 |
Minor |
2.2.15 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12435 |
Replacing an image file in filepicker doesn't update thumbnail |
2021-04-02 |
None |
|
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12432 |
Reflected XSS in /admin/addbookmark.php |
2021-03-18 |
Minor |
2.2.15 |
Accepted |
Open |
CMS Made Simple Foundation |
Humberto Junior |
| 12419 |
Module dependency fails if module is uninstalled |
2021-02-23 |
None |
2.2.15 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12393 |
XSS via SVG file upload |
2020-12-04 |
Major |
2.2.15 |
Won't Fix |
Open |
Nobody |
Eshan Singh |
| 12392 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.15 |
2020-12-04 |
Minor |
2.1.5 |
Won't Fix |
Open |
Nobody |
Vu Tien Hoa |
| 12370 |
Admin Log-Download |
2020-09-25 |
Trivial |
|
Fixed |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
| 12361 |
Wrong current menu entry in admin after submitting backend group permissions |
2020-09-01 |
Trivial |
2.2.14 |
Accepted |
Open |
Fernando Morgado |
Franck |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12205 |
Array and string offset access syntax with curly braces is deprecated |
2019-12-09 |
Trivial |
2.3-beta7 |
None |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12204 |
Deprecated glue string |
2019-12-09 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
| 12172 |
CronJobTrait undefined constants |
2019-10-18 |
Minor |
2.2.12 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12158 |
Navigator item prop has_children is always true when there is children |
2019-09-25 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Tomas Amsrud |
| 12156 |
Warnings using php 7.3 |
2019-09-21 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12094 |
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple |
2019-08-06 |
Minor |
2.2.10 |
None |
Open |
Nobody |
feioklucy |
| 12059 |
[BETA] PHP Parse error |
2019-06-29 |
None |
2.3-beta1 |
None |
Open |
Nobody |
|
| 12048 |
The simple dropdown version of parent selector in the "Navigation" tab of "Edit Content Page" does not update the field |
2019-06-01 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Sašo Živanović |
| 12022 |
Cross-site Scripting vulnerability in CMS Made Simple |
2019-04-19 |
Trivial |
2.2.10 |
Accepted |
Open |
Nobody |
Binit Ghimire |
