Product:

Getsimple_cms

(Get\-Simple)
Repositories https://github.com/GetSimpleCMS/GetSimpleCMS
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2022-10-18 CVE-2022-41544 GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. Getsimple_cms 9.8
2020-09-01 CVE-2020-23839 A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. Getsimple_cms 6.1
2020-10-01 CVE-2020-24861 GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page Getsimple_cms 5.4
2022-04-27 CVE-2022-1503 A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. Getsimple_cms 5.4
2018-09-16 CVE-2018-17103 An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter Getsimple_cms 8.8
2017-03-17 CVE-2014-8722 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. Getsimple_cms 7.5