Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsimple cms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
Get-simple Getsimple Cms 3.3.4
4.3
CVSSv2
CVE-2020-23839
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote malicious users to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters cre...
Get-simple Getsimple Cms 3.3.16
1 Github repository
4
CVSSv2
CVE-2018-19420
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and va...
Get-simple Getsimple Cms 3.3.15
4.3
CVSSv2
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote malicious users to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Get-simple Getsimple Cms 3.3.13
1 EDB exploit
4.3
CVSSv2
CVE-2010-4863
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote malicious users to inject arbitrary web script or HTML via the post-title parameter.
Get-simple Getsimple Cms 2.01
1 EDB exploit
4.3
CVSSv2
CVE-2010-5052
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote malicious users to inject arbitrary web script or HTML via the val[] parameter.
Get-simple Getsimple Cms 2.01
1 EDB exploit
3.5
CVSSv2
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
Get-simple Getsimple Cms 3.3.15
NA
CVE-2013-14201
GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities.
NA
CVE-2023-51246
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.
Get-simple Getsimplecms 3.3.16
4.3
CVSSv2
CVE-2021-29400
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote malicious users to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
Netexplorer My Smtp Contact 1.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »