| 12432 |
Reflected XSS in /admin/addbookmark.php |
2021-03-18 |
Minor |
2.2.15 |
Accepted |
Open |
CMS Made Simple Foundation |
Humberto Junior |
| 12419 |
Module dependency fails if module is uninstalled |
2021-02-23 |
None |
2.2.15 |
None |
Open |
Nobody |
Matt Hornsby (DIGI3) |
| 12393 |
XSS via SVG file upload |
2020-12-04 |
Major |
2.2.15 |
Won't Fix |
Open |
Nobody |
Eshan Singh |
| 12392 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.15 |
2020-12-04 |
Minor |
2.1.5 |
Won't Fix |
Open |
Nobody |
Vu Tien Hoa |
| 12370 |
Admin Log-Download |
2020-09-25 |
Trivial |
|
Fixed |
Open |
Fernando Morgado |
Jean-Claude Etiemble |
| 12361 |
Wrong current menu entry in admin after submitting backend group permissions |
2020-09-01 |
Trivial |
2.2.14 |
Accepted |
Open |
Fernando Morgado |
Franck |
| 12275 |
Remote Code Execution (RCE) authenticated with crafted JPG files |
2020-03-16 |
Critical |
2.2.13 |
Awaiting Response |
Open |
Ruud van der Velden |
Joshua Provoste |
| 12228 |
Stored Cross-Site Scripting - CMS Made Simple 2.2.13 |
2019-12-22 |
Critical |
2.2.13 |
None |
Open |
Robert Campbell |
Guram Javakhishvili |
| 12205 |
Array and string offset access syntax with curly braces is deprecated |
2019-12-09 |
Trivial |
2.3-beta7 |
None |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12204 |
Deprecated glue string |
2019-12-09 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12191 |
Authenticated Remote code Execution |
2019-11-15 |
Critical |
2.2.12 |
Awaiting Response |
Open |
Robert Campbell |
Yosri Debaibi |
| 12172 |
CronJobTrait undefined constants |
2019-10-18 |
Minor |
2.2.12 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12158 |
Navigator item prop has_children is always true when there is children |
2019-09-25 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Tomas Amsrud |
| 12156 |
Warnings using php 7.3 |
2019-09-21 |
Trivial |
2.3-beta7 |
Fixed |
Open |
Nobody |
Kim Birkeland Skorgenes |
| 12149 |
Stored cross-site scripting (XSS) in News > Add Article |
2019-09-19 |
Major |
2.2.11 |
None |
Open |
Nobody |
Neelima Bawa |
| 12094 |
Stored Cross-site Scripting Vulnerability in Settings-News module in CMS Made Simple |
2019-08-06 |
Minor |
2.2.10 |
None |
Open |
Nobody |
feioklucy |
| 12059 |
[BETA] PHP Parse error |
2019-06-29 |
None |
2.3-beta1 |
None |
Open |
Nobody |
|
| 12048 |
The simple dropdown version of parent selector in the "Navigation" tab of "Edit Content Page" does not update the field |
2019-06-01 |
Minor |
2.2.10 |
None |
Open |
Nobody |
Sašo Živanović |
| 12022 |
Cross-site Scripting vulnerability in CMS Made Simple |
2019-04-19 |
Trivial |
2.2.10 |
Accepted |
Open |
Nobody |
Binit Ghimire |
| 12019 |
JobManager delete_jobs_by_module bug |
2019-04-10 |
Minor |
2.2.10 |
Fixed |
Open |
Robert Campbell |
Chris Taylor |
| 12018 |
PHP 7.3 Warning - "continue" targeting switch is equivalent to "break" |
2019-04-06 |
Minor |
2.2.10 |
Fixed |
Open |
Nobody |
|
| 12004 |
Stored Cross-site Scripting in Site Admin Settings - News module |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12003 |
Self-XSS vulnerability via My Account on CMSMS 2.2.10 |
2019-03-25 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 12001 |
Stored Cross-site Scripting in CMS Made Simple - File picker feature |
2019-03-24 |
Trivial |
2.2.10 |
None |
Open |
Nobody |
Chi Tran |
| 11969 |
File Picker Window Does Not Close |
2019-02-06 |
Major |
2.2.9.1 |
None |
Open |
Nobody |
Oliver Coningham |
