12393 |
XSS via SVG file upload |
2020-12-04 |
Major |
2.2.15 |
Won't Fix |
Open |
Nobody |
Eshan Singh |
12419 |
Module dependency fails if module is uninstalled |
2021-02-23 |
None |
2.2.15 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
12432 |
Reflected XSS in /admin/addbookmark.php |
2021-03-18 |
Minor |
2.2.15 |
Accepted |
Open |
CMS Made Simple Foundation |
Humberto Junior |
12435 |
Replacing an image file in filepicker doesn't update thumbnail |
2021-04-02 |
None |
|
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
12437 |
Installer won't allow "<" symbol in database password |
2021-04-09 |
Minor |
2.2.15 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
12443 |
Admin Search fails on some searches with default mysql mode only_full_group_by (mysql 5.7.5+) |
2021-04-24 |
None |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Matt Hornsby (DIGI3) |
12456 |
Navigator breadcrumbs with default page hidden from menu causes php notice |
2021-05-25 |
Minor |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
12457 |
Event Manager empty list when mysql mode only_full_group_by |
2021-05-27 |
Major |
2.2.15 |
Fixed |
Open |
Ruud van der Velden |
Ruud van der Velden |
12462 |
Emojis unsupported |
2021-07-21 |
Major |
2.2.15 |
None |
Open |
Nobody |
|
12474 |
Taking the default page down by accident through the content type |
2021-09-09 |
Minor |
2.1.5 |
Fixed |
Open |
Nobody |
Michael Smith |
12477 |
class.cms_config |
2021-09-22 |
Major |
2.1.5 |
Invalid |
Open |
Nobody |
Brian O'Kelly |
12484 |
Cannot exit after Run UDT |
2021-10-07 |
Trivial |
2.2.15 |
Fixed |
Open |
Nobody |
Mario S (rotezecke) |
12498 |
Page Copy in ContentManager enforces Default Values (overwriting actual values) |
2021-11-24 |
Minor |
|
Awaiting Response |
Open |
Nobody |
Ludger Merkens |
12502 |
A Remote Command Execution vulnerability on the background in CMS Made Simple 2.2.15 |
2021-12-09 |
None |
2.1.5 |
Invalid |
Open |
CMS Made Simple Foundation |
fuzzyap1 |
12503 |
A Reflected cross-site scripting (XSS) in 'm1_fmmessage' parameter |
2021-12-09 |
None |
2.1.5 |
Invalid |
Open |
CMS Made Simple Foundation |
fuzzyap1 |
12506 |
Not optimal a database query |
2021-12-20 |
Minor |
2.2.15 |
None |
Open |
Fernando Morgado |
Yuri Haperski |
12522 |
several files core correction |
2022-01-27 |
Minor |
2.2.16 |
None |
Open |
Fernando Morgado |
Philippe Thomas |
12528 |
Navigator doesn't clear excluded prefixes in some situations |
2022-02-04 |
Minor |
2.2.16 |
Fixed |
Open |
Fernando Morgado |
Ruud van der Velden |
12529 |
Cacheable Pages have Bad Header Last-Modified |
2022-02-06 |
Minor |
2.2.16 |
Fixed |
Open |
Rolf |
Philippe Thomas |
12535 |
File Manager Unpack archive .tar.gz |
2022-04-13 |
Major |
2.2.16 |
Accepted |
Open |
tom |
Jean-Claude Etiemble |
12539 |
Module FilePicker 1.0.5 files corrections |
2022-04-19 |
Minor |
|
Fixed |
Open |
Nobody |
Philippe Thomas |
12541 |
Module ModuleManager 2.1.8 : corrections + compatible php 7.1.0 to 8.1.4 |
2022-04-19 |
Minor |
|
Fixed |
Open |
Nobody |
Philippe Thomas |
12565 |
debug mode causes fatal error in PHP 8 |
2022-10-10 |
Minor |
2.2.16 |
Fixed |
Open |
Nobody |
Matt Hornsby (DIGI3) |
12567 |
Security issue caused by using older versions of Smarty |
2022-10-21 |
Critical |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
z |
12572 |
Prototype Pollution |
2022-11-04 |
Major |
2.2.16 |
None |
Open |
CMS Made Simple Foundation |
pranshu |