12022 |
Cross-site Scripting vulnerability in CMS Made Simple |
2019-04-19 |
Trivial |
2.2.10 |
Accepted |
Open |
Nobody |
Binit Ghimire |
12048 |
The simple dropdown version of parent selector in the "Navigation" tab of "Edit Content Page" does not update the field |
2019-06-01 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Sašo Živanović |
12059 |
[BETA] PHP Parse error |
2019-06-29 |
None |
2.3-beta1 |
None |
Open |
Nobody |
|
12094 |
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple |
2019-08-06 |
Minor |
2.2.10 |
None |
Open |
Nobody |
feioklucy |
12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
12361 |
Wrong current menu entry in admin after submitting backend group permissions |
2020-09-01 |
Trivial |
2.2.14 |
Accepted |
Open |
Fernando Morgado |
Franck |
12419 |
Module dependency fails if module is uninstalled |
2021-02-23 |
None |
2.2.15 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
12432 |
Reflected XSS in /admin/addbookmark.php |
2021-03-18 |
Minor |
2.2.15 |
Accepted |
Open |
CMS Made Simple Foundation |
Humberto Junior |
12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
12498 |
Page Copy in ContentManager enforces Default Values (overwriting actual values) |
2021-11-24 |
Minor |
|
Awaiting Response |
Open |
Nobody |
Ludger Merkens |
12506 |
Not optimal a database query |
2021-12-20 |
Minor |
2.2.15 |
None |
Open |
Fernando Morgado |
Yuri Haperski |
12522 |
several files core correction |
2022-01-27 |
Minor |
2.2.16 |
None |
Open |
Fernando Morgado |
Philippe Thomas |
12535 |
File Manager Unpack archive .tar.gz |
2022-04-13 |
Major |
2.2.16 |
Accepted |
Open |
tom |
Jean-Claude Etiemble |
12539 |
Module FilePicker 1.0.5 files corrections |
2022-04-19 |
Minor |
|
Fixed |
Open |
Nobody |
Philippe Thomas |
12567 |
Security issue caused by using older versions of Smarty |
2022-10-21 |
Critical |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
z |
12572 |
Prototype Pollution |
2022-11-04 |
Major |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
pranshu |
12587 |
can't uninstall modules running php 8.1 |
2022-12-12 |
Major |
2.2.16 |
Accepted |
Open |
CMS Made Simple Foundation |
Ludger Merkens |
12634 |
MenuManager core module is incompatible with PHP 8.1 |
2023-07-25 |
Major |
2.2.17 |
Accepted |
Open |
Nobody |
Jean-François S. |
12643 |
Error 500 when upgrading after step 8 on large installs |
2023-09-04 |
Minor |
2.2.18 |
None |
Open |
Nobody |
Tristan |
12652 |
Admin/Tags PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12653 |
Admin/News PHP 8.1 Deprecated |
2023-10-06 |
Major |
2.2.18 |
None |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
12657 |
CMS_Content_Block internally uses type property which collides with type parameter of e.g FilePicker |
2023-10-19 |
Minor |
2.2.18 |
None |
Open |
Nobody |
Ruud van der Velden |
12658 |
CMSContentManager new lang string 'error_edit_default_page_contenttype' |
2023-10-22 |
Minor |
2.2.18 |
Fixed |
Open |
Chris Taylor |
Jean-Claude Etiemble |