462 matches found
CVE-2022-41544
Summary: CVE-2022-41544 affects GetSimple CMS 3.3.16 and earlier. The vulnerability enables remote code execution via the theme editor (admin/theme-edit.php), with proven exploitation paths that upload and execute PHP shells. Public PoCs and exploits exist (GitHub scripts and a Packet Storm write...
PT-2022-25928 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.3.16. Description: The issue is a remote code execution (RCE) vulnerability. It can be exploited via the edited file parameter in the admin/theme-edit.php file. Recommendations: For GetSimple CMS version 3.3.16, update to...
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the editedfile parameter in admin/theme-edit.php...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is a content management system (CMS) written in PHP. GetSimple CMS suffers from a cross-site scripting vulnerability that originates from a lack of data validation filtering of user-supplied data and output in /admin/edit.php. An attacker could exploit this vulnerability to execute...
CVE-2022-1503
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert1 leads to cross site scripting. The attack may be launched remote...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert1 leads to cross site scripting. The attack may be launched remote...
CVE-2022-1503
CVE-2022-1503 affects GetSimple CMS, where the vulnerability resides in the Content Module's file /admin/edit.php. The root cause is improper handling of the argument post-content, allowing cross-site scripting (XSS) when an input like is processed. The advisory notes that the attack can be lau...
CVE-2022-1503 GetSimple CMS Content Module edit.php cross site scripting
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert1 leads to cross site scripting. The attack may be launched remote...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is a content management system (CMS) written in PHP. GetSimple CMS suffers from a cross-site scripting vulnerability that originates from a lack of data validation filtering of user-supplied data and output in /admin/edit.php. An attacker could exploit this vulnerability to execute...
GetSimple CMS <= 3.3.16 Multiple XSS Vulnerabilities
GetSimple CMS is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is...
CVE-2021-29400
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...
Cross site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...
CVE-2021-29400
CVE-2021-29400 is a cross-site request forgery in the GetSimple CMS environment, affecting the My SMTP Contact plugin v1.1.1. The issue permits an unauthenticated attacker to induce an admin, visiting a malicious site, to change SMTP settings for the CMS contact forms through CSRF. The current so...
GetSimple CMS Cross-Site Request Forgery Vulnerability
GetSimple CMS is a content management system (CMS) written in PHP. A security vulnerability exists in the My SMTP Contact v1.1.1 plugin for GetSimple CMS, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit the vulnerability to execute...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-61755)
GetSimple CMS is an XML-based, fully independent and streamlined content management system. /admin/snippets.php in GetSimple CMS version 3.4.0a is vulnerable to a stored cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary Web scripts or HTML via the Edit...
GetSimple CMS <= 3.4.0.9 Multiple XSS Vulnerabilities
GetSimple CMS is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is...