CVE-2014-1603

Published: 14/05/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.

Vulnerable Product

get-simple getsimple cms 3.3.1

Exploits

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security. Disclosure: 12/05/2014 / Last updated: 12/10/2014. Timeline: 04/11/2013 - Found bugs, produced proof of concept; 05/11/2013 - Communicated to the developer, which acknowledged receipt; 10/01/2014 - Polite ...
GetSimple CMS version 3.3.1 suffers from persistent and reflective cross site scripting vulnerabilities ...