Published: 01/09/2020 Updated: 03/12/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote malicious users to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
get-simple getsimple cms 3.3.16

GetSimple CMS version 3316 cross site scripting to remote shell upload exploit ...

Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal

CVE-2020-23839 | GetSimple CMS v3316 - Reflected XSS to RCE Exploit Author: Bobby Cooke (boku) Vulnerability Statistics OWASP Top Ten 2017: A7:2017-Cross-Site Scripting (XSS) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Type 1: Reflected XSS CVSS Base Score: 61 MEDIUM CVSS v31 Vector: CVSS:31/AV:N/AC:L/PR:N/UI:R

CWE-79 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330 http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html https://github.com/boku7/CVE-2020-23839 https://www.exploit-db.com/exploits/49726 https://nvd.nist.gov https://github.com/boku7/CVE-2020-23839 https://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html

CVE-2020-23839

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect