Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

GetSimple CMS 3.1 admin/upload.php path Parameter XSS

šŸ—“ļøĀ 12 May 2012Ā 00:00:00Reported byĀ Chokri Ben AchorTypeĀ 
exploitdb
Ā exploitdbšŸ”—Ā www.exploit-db.comšŸ‘Ā 40Ā Views

GetSimple CMS 3.1 admin/upload.php XSS vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2012-6621
3 Jan 202000:37
ā€“circl
CVE		CVE-2012-6621
16 Jan 201421:00
ā€“cve
Cvelist		CVE-2012-6621
16 Jan 201421:00
ā€“cvelist
Exploit DB		GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS
12 May 201200:00
ā€“exploitdb
Exploit DB		GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS
12 May 201200:00
ā€“exploitdb
Exploit DB		GetSimple CMS 3.1 admin/index.php Multiple Parameter Reflected XSS
12 May 201200:00
ā€“exploitdb
EUVD		EUVD-2012-6467
7 Oct 202500:30
ā€“euvd
NVD		CVE-2012-6621
16 Jan 201421:55
ā€“nvd
OpenVAS		GetSimple CMS 3.1.x / 3.2.x Multiple Vulnerabilities
21 Jan 201400:00
ā€“openvas
Prion		Cross site scripting
16 Jan 201421:55
ā€“prion
Rows per page
source: http://www.securityfocus.com/bid/53501/info
   
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
   
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
   
GetSimple CMS 3.1 is vulnerable; other versions may also be affected. 

http://www.example.com/getsimple/admin/upload.php?path=%3E%22%3Ciframe%20src=http://www.vulnerability-lab.com%20width=800%20height=800%3E&newfolder=rem0ve

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 May 2012 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24.3
EPSS0.00475
getsimple cmsxsshtml-injection
40