Lucene search
PRIOn knowledge basePRION:CVE-2012-6621HistoryJan 16, 2014 - 9:55 p.m.
Cross site scripting
2014-01-1621:55:00
PRIOn knowledge base
www.prio-n.com
1
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| getsimple_cms | le | 3.2.3 | |
| getsimple_cms | eq | 1.0 | |
| getsimple_cms | eq | 1.1 | |
| getsimple_cms | eq | 1.2 | |
| getsimple_cms | eq | 1.3 | |
| getsimple_cms | eq | 1.4 | |
| getsimple_cms | eq | 1.5 | |
| getsimple_cms | eq | 1.6 | |
| getsimple_cms | eq | 1.7 | |
| getsimple_cms | eq | 1.25 |
References
packetstormsecurity.com/files/124711
packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html
secunia.com/advisories/49137
www.securityfocus.com/bid/53501
www.vulnerability-lab.com/get_content.php?id=521
exchange.xforce.ibmcloud.com/vulnerabilities/75534
exchange.xforce.ibmcloud.com/vulnerabilities/75535
Related
exploitdb
exploitdb
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS
2012-05-12 00:00:00
GetSimple CMS 3.1 admin/upload.php path Parameter XSS
2012-05-12 00:00:00
GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS
2012-05-12 00:00:00
nvd
nvd
cvelist
cvelist
cve
cve
prion
prion
Cross site scripting
2020-01-02 21:15:00
Cross site scripting
2014-01-17 15:18:00
openvas
openvas
GetSimple CMS 3.1.x / 3.2.x Multiple Vulnerabilities
2014-01-21 00:00:00