GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Vulnerability

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link: http://get-simple.info/extend/export/5260/1267/custom-js.zip Version: 0.1...

GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...

'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - 'customhsjscontent' Cross-Site Request Forgery Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...

GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-63995)

GetSimple CMS is a content management system CMS written in PHP. A security vulnerability exists in GetSimple CMS version 3.3.16, which originates from allowing persistent cross-site scripting execution of "permalinks" on parameter setting pages when you create and open a new page. No details of...

GetSimple CMS Persistent Cross-Site Scripting

A cross-site scripting vulnerability exists in GetSimple CMS. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVE-2020-24861

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page...

CVE-2020-24861

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page...

Cross site scripting

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page...

CVE-2020-24861

GetSimple CMS 3.3.16 is affected by a persistent Cross Site Scripting vulnerability on the Settings page via the permal ink parameter when creating/opening a new page. Root cause: unsanitized input in the permalink parameter. Impact: XSS execution in the user context. Exploitation status not prov...

CVE-2020-24861

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page...

GetSimple CMS 3.3.16 Cross Site Scripting

Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...

GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-54918)

GetSimple CMS is a content management system CMS written in PHP. A cross-site request forgery vulnerability exists in the multi-user plugin 1.8.2 for GetSimple CMS, which stems from a lack of proper authentication of client-side data by the WEB application. An attacker can exploit the vulnerabili...

CVE-2020-23837

A Cross-Site Request Forgery CSRF vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...

CVE-2020-23837

A Cross-Site Request Forgery CSRF vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...

CVE-2020-23837

A Cross-Site Request Forgery CSRF vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...

CVE-2020-23837

CVE-2020-23837 describes a CSRF vulnerability in the GetSimple CMS, specifically the Multi User plugin 1.8.2. The issue allows remote attackers to add admin (or other) users after an authenticated administrator visits a third‑party site or clicks a URL. The affected component is the Multi User pl...

GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-50147)

GetSimple CMS is a content management system CMS written in PHP. GetSimple CMS v3.3.16 suffers from an XSS vulnerability that stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to execute client-side code...

CVE-2020-23839

A Reflected Cross-Site Scripting XSS vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...