| 12148 |
Reflected XSS in Site Admin> Module Manager> Search Term |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Robert Campbell |
Chetan Madkam |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12155 |
Remote code execution via file upload functionality |
2019-09-21 |
Critical |
2.3-beta7 |
Invalid |
Open |
Nobody |
Neelima Bawa |
| 12156 |
Warnings using php 7.3 |
2019-09-21 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12158 |
Navigator item prop has_children is always true when there is children |
2019-09-25 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Tomas Amsrud |
| 12172 |
CronJobTrait undefined constants |
2019-10-18 |
Minor |
2.2.12 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
| 12204 |
Deprecated glue string |
2019-12-09 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12205 |
Array and string offset access syntax with curly braces is deprecated |
2019-12-09 |
Trivial |
2.3-beta7 |
None |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12222 |
Disable encoding HTML entity encoding in MicroTiny |
2019-12-21 |
Minor |
|
None |
Open |
Nobody |
Rimas Kudelis |
| 12223 |
Please, fix the forum egistration! |
2019-12-21 |
Critical |
|
None |
Open |
Nobody |
w00t |
| 12226 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12274 |
Cross-site Scripting (XSS) Stored within *.pxd extension files |
2020-03-16 |
Critical |
2.2.13 |
None |
Open |
Nobody |
Joshua Provoste |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
None |
Open |
Nobody |
Joshua Provoste |
| 12281 |
Collision between Redirecting Link and Page URL |
2020-03-24 |
Minor |
2.2.12 |
None |
Open |
Nobody |
Ludger Merkens |
| 12287 |
Admin shortcuts popup refers to IRC |
2020-04-02 |
Trivial |
2.2.14 |
None |
Open |
Rolf |
Ruud van der Velden |
| 12288 |
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker. |
2020-04-04 |
Critical |
2.2.14 |
None |
Open |
Nobody |
ww |
| 12291 |
Reflected Cross site scripting |
2020-04-13 |
Major |
2.2.13 |
None |
Open |
Nobody |
Jyoti Raval |
| 12292 |
showbase parameter of metadata tag doesn't accept boolean value |
2020-04-16 |
Trivial |
2.2.14 |
None |
Open |
Nobody |
Ruud van der Velden |
| 12293 |
User pref date format string corrupted on saving |
2020-04-17 |
Minor |
2.2.14 |
None |
Open |
Nobody |
Ruud van der Velden |
| 12305 |
Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages |
2020-05-04 |
Trivial |
2.2.14 |
None |
Open |
Nobody |
Tristan |
| 12311 |
log_performance_info - undefined variable: queries |
2020-05-19 |
Minor |
|
Fixed |
Open |
Fernando Morgado |
Greg Prosser |
| 12312 |
Stored XSS vulnerability in File Picker at CMSMS 2.2.14 and below |
2020-05-26 |
Major |
2.2.14 |
None |
Open |
Fernando Morgado |
Binit Ghimire |
| 12313 |
5 Stored XSS vulnerabilities in "Settings - Content Manager" under "Site Admin" in CMSMS Admin Console |
2020-05-26 |
Major |
2.2.14 |
None |
Open |
Chris Taylor |
Binit Ghimire |
