Filtered by vendor Get-simple
Subscribe
Search
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51246 | 1 Get-simple | 1 Getsimplecms | 2024-01-12 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | |||||
| CVE-2022-1503 | 1 Get-simple | 1 Getsimple Cms | 2022-05-05 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. | |||||
| CVE-2021-36601 | 1 Get-simple | 1 Getsimplecms | 2021-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. | |||||
| CVE-2020-21353 | 1 Get-simple | 1 Getsimplecms | 2021-08-09 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. | |||||
| CVE-2020-18660 | 1 Get-simple | 1 Getsimplecms | 2021-06-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | |||||
| CVE-2020-18657 | 1 Get-simple | 1 Getsimplecms | 2021-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. | |||||
| CVE-2020-18659 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | |||||
| CVE-2020-18658 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. | |||||
| CVE-2020-20389 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | |||||
| CVE-2021-28977 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, | |||||
| CVE-2020-20391 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | |||||
| CVE-2020-23839 | 1 Get-simple | 1 Getsimple Cms | 2021-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | |||||
| CVE-2020-24861 | 1 Get-simple | 1 Getsimple Cms | 2020-10-08 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | |||||
| CVE-2013-1420 | 1 Get-simple | 1 Getsimple Cms | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | |||||
| CVE-2017-10673 | 1 Get-simple | 1 Getsimple Cms | 2019-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | |||||
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2019-09-19 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | |||||
| CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | |||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | |||||
| CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2018-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | |||||
| CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2018-10-17 | 3.5 LOW | 4.8 MEDIUM |
| GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | |||||
| CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2018-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | |||||
| CVE-2014-8723 | 1 Get-simple | 1 Getsimple Cms | 2017-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | |||||