Lucene search
China National Vulnerability DatabaseCNVD-2024-06238HistoryJan 11, 2024 - 12:00 a.m.
GetSimple CMS Cross-Site Scripting Vulnerability
2024-01-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
getsimple cms
cross-site scripting
vulnerability
version 3.3.16
php
filtering
escaping
user-supplied data
injection
web script
html
payload
attack
GetSimple CMS is a content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| getsimple cms getsimple cms | eq | 3.3.16 |
Related
prion
prion
Cross site scripting
2024-01-08 20:15:00
nvd
nvd
CVE-2023-51246
2024-01-08 20:15:44
cve
cve
CVE-2023-51246
2024-01-08 20:15:44
cvelist
cvelist
CVE-2023-51246
2024-01-08 00:00:00