Lucene search

[email protected]CVE-2013-7243

HistoryJan 17, 2014 - 3:18 p.m.

CVE-2013-7243

2014-01-1715:18:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-7243

xss

getsimple cms

3.1.2

3.2.3

vulnerability

web script

html

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621.

Affected configurations

NVD

Node

get-simplegetsimple_cmsMatch3.1.2

get-simplegetsimple_cmsMatch3.2.3

CPENameOperatorVersion
get-simple:getsimple_cmsget-simple getsimple cmseq3.1.2
get-simple:getsimple_cmsget-simple getsimple cmseq3.2.3

CPE	Name	Operator	Version
get-simple:getsimple_cms	get-simple getsimple cms	eq	3.1.2
get-simple:getsimple_cms	get-simple getsimple cms	eq	3.2.3

References

osvdb.org/101922

packetstormsecurity.com/files/124711

exchange.xforce.ibmcloud.com/vulnerabilities/90191

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2013-7243

prion3 cvelist3 nvd3 openvas1 packetstorm1 cve2 exploitdb4