Lucene search
Chokri Ben AchorEDB-ID:37159HistoryMay 12, 2012 - 12:00 a.m.
GetSimple CMS 3.1 admin/upload.php path Parameter XSS
2012-05-1200:00:00
Chokri Ben Achor
www.exploit-db.com
20
0.003 Low
EPSS
Percentile
66.4%
GetSimple CMS 3.1 admin/upload.php path Parameter XSS. CVE-2012-6621. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/53501/info
GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GetSimple CMS 3.1 is vulnerable; other versions may also be affected.
http://www.example.com/getsimple/admin/upload.php?path=%3E%22%3Ciframe%20src=http://www.vulnerability-lab.com%20width=800%20height=800%3E&newfolder=rem0ve Related
exploitdb
exploitdb
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS
2012-05-12 00:00:00
GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS
2012-05-12 00:00:00
GetSimple CMS 3.1 admin/index.php Multiple Parameter Reflected XSS
2012-05-12 00:00:00
prion
prion
Cross site scripting
2014-01-16 21:55:00
Cross site scripting
2020-01-02 21:15:00
Cross site scripting
2014-01-17 15:18:00
nvd
nvd
cvelist
cvelist
cve
cve
openvas
openvas
GetSimple CMS 3.1.x / 3.2.x Multiple Vulnerabilities
2014-01-21 00:00:00