| 12148 |
Reflected XSS in Site Admin> Module Manager> Search Term |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Robert Campbell |
Chetan Madkam |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12155 |
Remote code execution via file upload functionality |
2019-09-21 |
Critical |
2.3-beta7 |
Invalid |
Open |
Nobody |
Neelima Bawa |
| 12156 |
Warnings using php 7.3 |
2019-09-21 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12158 |
Navigator item prop has_children is always true when there is children |
2019-09-25 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Tomas Amsrud |
| 12172 |
CronJobTrait undefined constants |
2019-10-18 |
Minor |
2.2.12 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
| 12204 |
Deprecated glue string |
2019-12-09 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12205 |
Array and string offset access syntax with curly braces is deprecated |
2019-12-09 |
Trivial |
2.3-beta7 |
None |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12226 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
None |
2.2.13 |
Won't Fix |
Open |
Ruud van der Velden |
Guram Javakhishvili |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12274 |
Cross-site Scripting (XSS) Stored within *.pxd extension files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Nobody |
Joshua Provoste |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
| 12287 |
Admin shortcuts popup refers to IRC |
2020-04-02 |
Trivial |
2.2.14 |
Fixed |
Open |
Rolf |
Ruud van der Velden |
| 12288 |
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker. |
2020-04-04 |
Minor |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
ww |
| 12291 |
Reflected Cross site scripting |
2020-04-13 |
Major |
2.2.13 |
Fixed |
Open |
Ruud van der Velden |
Jyoti Raval |
| 12292 |
showbase parameter of metadata tag doesn't accept boolean value |
2020-04-16 |
Trivial |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
| 12305 |
Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages |
2020-05-04 |
Trivial |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
Tristan |
| 12311 |
log_performance_info - undefined variable: queries |
2020-05-19 |
Minor |
|
Fixed |
Open |
Fernando Morgado |
Greg Prosser |
| 12312 |
Stored XSS vulnerability in File Picker at CMSMS 2.2.14 and below |
2020-05-26 |
Minor |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
Binit Ghimire |
| 12313 |
5 Stored XSS vulnerabilities in "Settings - Content Manager" under "Site Admin" in CMSMS Admin Console |
2020-05-26 |
Minor |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
Binit Ghimire |
| 12317 |
XSS on Settings News Module |
2020-05-29 |
Minor |
2.2.14 |
Fixed |
Open |
Ruud van der Velden |
rahul gautam |
| 12321 |
Cross Site Scripting Vulnerability on "Logic" via Content Manager feature in CMS Made Simple v2.2.14 |
2020-06-15 |
None |
2.2.14 |
Won't Fix |
Open |
Nobody |
luuthehienhbit |
| 12322 |
Cross Site Scripting Vulnerability on "Extra" via 'News > Article" feature in CMS Made Simple v2.2.14 |
2020-06-16 |
Minor |
2.2.14 |
Fixed |
Open |
Fernando Morgado |
luuthehienhbit |
| 12324 |
Cross Site Scripting Vulnerability on "Search" via "Module Manager" feature in CMS Made Simple v2.2.14 |
2020-06-18 |
Minor |
2.2.14 |
Fixed |
Open |
Matt Hornsby (DIGI3) |
NamTV |
