Lucene search
HistoryMay 14, 2014 - 7:55 p.m.
CVE-2014-1603
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.0%
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.
Affected configurations
Node
get-simplegetsimple_cmsMatch3.3.1
Related
packetstorm
packetstorm
GetSimple CMS 3.3.1 Cross Site Scripting
2014-05-13 00:00:00
cve
cve
CVE-2014-1603
2014-05-14 19:55:10
exploitpack
exploitpack
GetSimple CMS 3.3.1 - Cross-Site Scripting
2014-10-12 00:00:00
prion
prion
Cross site scripting
2014-05-14 19:55:00
cvelist
cvelist
CVE-2014-1603
2014-05-14 19:00:00
exploitdb
exploitdb
GetSimple CMS 3.3.1 - Cross-Site Scripting
2014-10-12 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.0%
Related for NVD:CVE-2014-1603