Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsimple cms vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-17835
An issue exists in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
Get-simple Getsimple Cms 3.3.15
6.1
CVSSv3
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote malicious users to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Get-simple Getsimple Cms 3.3.13
1 EDB exploit
5.3
CVSSv3
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
Get-simple Getsimple Cms 3.3.4
NA
CVE-2010-5052
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote malicious users to inject arbitrary web script or HTML via the val[] parameter.
Get-simple Getsimple Cms 2.01
1 EDB exploit
NA
CVE-2010-4863
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote malicious users to inject arbitrary web script or HTML via the post-title parameter.
Get-simple Getsimple Cms 2.01
1 EDB exploit
8.8
CVSSv3
CVE-2018-17103
An issue exists in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
Get-simple Getsimple Cms 3.3.13
5.4
CVSSv3
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
Get-simple Getsimple Cms 3.3.15
NA
CVE-2014-1603
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.p...
Get-simple Getsimple Cms 3.3.1
1 EDB exploit
4.8
CVSSv3
CVE-2018-15843
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
Get-simple Getsimple Cms 3.3.14
1 Github repository
6.1
CVSSv3
CVE-2018-16325
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
Get-simple Getsimple Cms 3.4.0.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »