462 matches found
GetSimple CMS 3.3.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected...
GetSimple CMS 3.3.13 - Cross-Site Scripting
Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected Version: 3.3.13...
CVE-2018-9173
Cross-site scripting XSS vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
CVE-2018-9173
Cross-site scripting XSS vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
CVE-2018-9173
Cross-site scripting XSS vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
CVE-2018-9173
CVE-2018-9173 affects GetSimple CMS 3.3.13. A cross‑site scripting vulnerability exists in the SWF file used by the uploadify uploader: admin/template/js/uploadify/uploadify.swf . The root cause is an XSS via the movieName parameter, allowing remote attackers to inject arbitrary web script or HTM...
CVE-2018-9173
Cross-site scripting XSS vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
GetSimple CMS Cross-Site Scripting Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the...
Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS...
Design/Logic Flaw
admin/profile.php in GetSimple CMS 3.x has XSS in a name field...
CVE-2017-10673
admin/profile.php in GetSimple CMS 3.x has XSS in a name field...
CVE-2017-10673
admin/profile.php in GetSimple CMS 3.x has XSS in a name field...
CVE-2017-10673
admin/profile.php in GetSimple CMS 3.x has XSS in a name field...
CVE-2017-10673
CVE-2017-10673 affects GetSimple CMS 3.x; the admin/profile.php name field is vulnerable to cross-site scripting (XSS). The root cause is improper handling/escaping of the name value, enabling injection of arbitrary script/HTML. Impact is limited to contexts where the vulnerable profile name is r...
GetSimple CMS 'admin/profile.php' Cross-Site Scripting Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the name field of the...
GetSimple CMS Elevation of Privilege Vulnerability
GetSimple is a content management system. An elevation of privilege vulnerability exists in admin/inc/templatefunctions.php in GetSimple CMS, which can be exploited by an attacker to elevate privileges to an arbitrary user or conduct a CSRF attack by counting session cookies or CSRF nonce...
Cross site request forgery (csrf)
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...
CVE-2017-8081
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...
CVE-2017-8081
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...