Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsimple cms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-24861
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
Get-simple Getsimple Cms 3.3.16
4.3
CVSSv2
CVE-2020-23839
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote malicious users to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters cre...
Get-simple Getsimple Cms 3.3.16
1 Github repository
4
CVSSv2
CVE-2018-19420
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and va...
Get-simple Getsimple Cms 3.3.15
4
CVSSv2
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
Get-simple Getsimple Cms 3.3.15
5
CVSSv2
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
Get-simple Getsimple Cms 3.3.4
5
CVSSv2
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote malicious users to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
Get-simple Getsimple Cms 3.3.4
NA
CVE-2022-41544
GetSimple CMS v3.3.16 exists to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
Get-simple Getsimple Cms 3.3.16
1 Github repository
NA
CVE-2013-14201
GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities.
NA
CVE-2023-51246
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.
Get-simple Getsimplecms 3.3.16
4.3
CVSSv2
CVE-2021-29400
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote malicious users to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
Netexplorer My Smtp Contact 1.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »