GetSimple CMS 2.01 and 2.02 Administrative Credentials Disclosure

No description provided by source. Researcher: Michael Brooks Affecting: GetSimple CMS 2.01 and 2.02 Fixed:2.03 Vulnerability: Administrative Credentials Disclosure Vendor's Homepage: http://code.google.com/p/get-simple-cms download url for 2.01: http://www.box.net/get-simple/1/30435008/399754548...

GetSimple 2.01 LFI

No description provided by source. Exploit Title: GetSimple 2.01 LFI Date: 4/5/2010 Author: Batch Software Link: http://www.box.net/get-simple Version: 2.01 Special Conditions: Must be admin. Code : ... get file if fileexists$GET'file' readfile$GET'file', 'r'; exit;...

CVE-2014-1603

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 param parameter to admin/load.php or 2 user, 3 email, or 4 name parameter in a Save Settings action to admin/settings.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 param parameter to admin/load.php or 2 user, 3 email, or 4 name parameter in a Save Settings action to admin/settings.php...

CVE-2014-1603

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 param parameter to admin/load.php or 2 user, 3 email, or 4 name parameter in a Save Settings action to admin/settings.php...

CVE-2014-1603

CVE-2014-1603 concerns multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 . According to the sources, an attacker can inject arbitrary web script or HTML via the (1) param parameter to admin/load.php, or (2) user , (3) email , or (4) name parameters in a Save Settings acti...

GetSimple CMS 3.3.1 Cross Site Scripting

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1 CVE-2014-1603 by Pedro Ribeiro [email protected] from Agile Information Security Timeline: 04/11/2013 - Found bugs, produced proof of concept. 05/11/2013 - Communicated to the developer, which acknowledged receipt. 10/01/2014 - Politely...

GetSimple CMS 3.3.1 - Persistent Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting

Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1 Tested on: N/A CVE : N/A Description: In the...

GetSimple CMS 3.1.x / 3.2.x Multiple Vulnerabilities

GetSimple CMS is prone to multiple vulnerabilities. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2013-7243

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

CVE-2013-7243

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

CVE-2013-7243

CVE-2013-7243 concerns GetSimple CMS versions 3.1.2 and 3.2.3, which are vulnerable to multiple cross-site scripting (XSS) vulnerabilities. The weaknesses allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php and (2) Display name field to settings.p...

CVE-2012-6621

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...

CVE-2012-6621

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...

CVE-2012-6621

GetSimple CMS versions 3.1, 3.1.2, 3.2.3 and earlier are affected by multiple cross-site scripting (XSS) vulnerabilities. The issue arises in admin/settings.php (Email Address, Custom Permalink Structure fields), admin/upload.php (path parameter), admin/theme.php (err parameter), admin/pages.php ...

GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting

Author Information Author : Ahmed Elhady Mohamed Website : http://1nfosec4all.blogspot.com/ twitter : @kingasmk facebook :https://www.facebook.com/groups/ITsec4all/ Software Information Affected Software : GetSimple CMS 3.2.3, 3.1.2 Software website : http://get-simple.info/ CVE Reference :...