Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Getsimple_cms
(Get\-Simple)| Repositories | https://github.com/GetSimpleCMS/GetSimpleCMS |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-16 | CVE-2018-17103 | An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter | Getsimple_cms | 8.8 | ||
| 2022-10-18 | CVE-2022-41544 | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | Getsimple_cms | 9.8 | ||
| 2020-09-01 | CVE-2020-23839 | A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | Getsimple_cms | 6.1 | ||
| 2022-04-27 | CVE-2022-1503 | A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. | Getsimple_cms | 5.4 | ||
| 2017-03-17 | CVE-2014-8722 | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | Getsimple_cms | 7.5 | ||
| 2020-01-02 | CVE-2013-1420 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | Getsimple_cms | N/A | ||
| 2017-06-29 | CVE-2017-10673 | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | Getsimple_cms | N/A | ||
| 2019-09-15 | CVE-2019-16333 | GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | Getsimple_cms | N/A | ||
| 2019-05-22 | CVE-2019-11231 | An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the... | Getsimple_cms | 9.8 | ||
| 2018-04-02 | CVE-2018-9173 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | Getsimple_cms | 6.1 |