462 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...
CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...
CVE-2015-5356
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter...
CVE-2015-5356
CVE-2015-5356 is a cross-site scripting (XSS) vulnerability in GetSimple CMS, affecting the admin/filebrowser.php script. The issue occurs in versions before 3.3.6 and allows a remote attacker to inject arbitrary web script or HTML by manipulating the func parameter. The public details consistent...
CVE-2015-5355
CVE-2015-5355 is a confirmed cross-site scripting vulnerability in GetSimple CMS prior to 3.3.6. The flaw arises in admin/edit.php where the parameters for post-content and post-title are not properly filtered, enabling remote attackers to inject arbitrary script/HTML. Affected software: GetSimpl...
GetSimple CMS 5.7.3.1 Cross Site Scripting
Date: 29/06/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 7 Product: GetSimple CMS Version: 5.7.3.1 Description: Application is vulnerable to Persistent XSS attack on page - URL -...
Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability
Cagintranet Networks GetSimple CMS is an XML-based content management system from Cagintranet Networks, USA. The system includes a theme selector and editor, a component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS th...
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter...
XXE
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter...
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter...
CVE-2014-8790
GetSimple CMS 3.1.1–3.3.x (before 3.3.5 Beta 1) is affected by an XML External Entity (XXE) vulnerability in admin/api.php. The issue arises from passing unsanitized POST data to simplexml_load_string(), enabling an attacker to disclose arbitrary files via the data parameter. Impact is consistent...
GetSimple CMS 'api.php' XML External Entity Information Disclosure Vulnerability
GetSimple CMS is a content management system. GetSimple CMS suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information or launch further attacks...
GetSimple CMS 3.3.4 XML External Entity Injection Vulnerability
GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability. GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call...
GetSimple CMS 3.3.4 XML External Entity Injection
GetSimple CMS adddata$in; User input passed via the "data" POST parameter is not properly sanitized before being used in a call to the "simplexml_load_string" function at line 23. This can be exploited to carry out XML External Enti...
GetSimple CMS 3.3.1 - Cross-Site Scripting
GetSimple CMS 3.3.1 - Cross-Site Scripting PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro from Agile Information Security Disclosure: 12/05/2014 / Last updated: 12/10/2014 Timeline: 04/11/2013 - Found bugs, produced proof of concept...
GetSimple CMS 3.3.1 - Cross-Site Scripting
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro from Agile Information Security Disclosure: 12/05/2014 / Last updated: 12/10/2014 Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer,...
GetSimpleCMS PHP File Upload Exploit
This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution. This module requires Metasploit: http//metasploit.com/download...
GetSimple CMS 2.01 - Multiple Vulnerabilities (XSS/CSRF)
No description provided by source. !--- Title: GetSimple CMS 2.01 Multiple Vulnerabilities XSS/CSRF Author: 10n1z3d 10n1z3datwdotcn Date: Mon 12 Jul 2010 12:11:45 PM EEST Vendor: http://get-simple.info/ Download: http://www.box.net/get-simple --- -= CSRF PoC 1 - Change Admin Password =- html head...
GetSimple CMS 3.3.1 - Persistent Cross Site Scripting
No description provided by source. Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1 Tested on: N/A CVE :...