Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Getsimple_cms
(Get\-Simple)| Repositories | https://github.com/GetSimpleCMS/GetSimpleCMS |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-02 | CVE-2013-1420 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | Getsimple_cms | N/A | ||
| 2017-06-29 | CVE-2017-10673 | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | Getsimple_cms | N/A | ||
| 2019-09-15 | CVE-2019-16333 | GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | Getsimple_cms | N/A | ||
| 2019-05-22 | CVE-2019-11231 | An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the... | Getsimple_cms | 9.8 | ||
| 2018-04-02 | CVE-2018-9173 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | Getsimple_cms | 6.1 | ||
| 2018-12-31 | CVE-2018-19845 | There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | Getsimple_cms | 5.4 | ||
| 2018-11-21 | CVE-2018-19421 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | Getsimple_cms | 3.8 | ||
| 2018-11-21 | CVE-2018-19420 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | Getsimple_cms | 3.8 | ||
| 2018-10-01 | CVE-2018-17835 | An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | Getsimple_cms | 4.8 | ||
| 2018-09-01 | CVE-2018-16325 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | Getsimple_cms | 6.1 |