Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS

Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

GetSimple CMS 3.1.2 Cross Site Scripting Vulnerability

GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities. Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1,...

GetSimple CMS 3.1.2 Cross Site Scripting

Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

GetSimple CMS /admin/edit.php Multiple Parameter XSS

GetSimple CMS /admin/edit.php Multiple Parameter XSS. CVE-2013-1420. Webapps exploit for php platform source: http://www.securityfocus.com/bid/59600/info GetSimple CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An...

GetSimple CMS /admin/filebrowser.php Multiple Parameter XSS

GetSimple CMS /admin/filebrowser.php Multiple Parameter XSS. CVE-2013-1420. Webapps exploit for php platform source: http://www.securityfocus.com/bid/59600/info GetSimple CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. A...

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GetSimple CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. The application has XSS filter, however it can be bypassed as demonstrated below. 1 Cross-Site Scripting XSS in GetSimple CMS:...

GetSimple 3.1.2 Code Execution

'; echo 'and login without password, right? Generated cookie: '; echo $cookiename . ''; echo 'Anyway: this simple code exploits vulnerability in :'; echo 'admin/settings.php:'; if $authenticated YES - set the login cookie, then redirect user to secure panel // createco...

Getsimple CMS 3.1.2 - path Local File Inclusion

Getsimple CMS 3.1.2 - path Local File Inclusion source: https://www.securityfocus.com/bid/54866/info GetSimple is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Getsimple CMS 3.1.2 - 'path' Local File Inclusion

source: https://www.securityfocus.com/bid/54866/info GetSimple is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in...

GetSimple CMS 3.1.2 Local File Inclusion / Path Disclosure

=========================================================================== Author: PuN!Sh3r Vulnerable Software: GetSimple CMS v 3.1.2 Official Site: http://get-simple.info/download/ =========================================================================== Hi to All.. We have Path Disclosure...

Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload

Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54255/info Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately...

Getsimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/54255/info Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability...

GetSimple - Items Manager Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

GetSimple Plugins - The Photo Gallery Timthumb Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

GetSimple CMS 3.1 Cross Site Scripting

Title: ====== GetSimple CMS v3.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=521 VL-ID: ===== 521 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= GetSimple ...

GetSimple CMS 3.1 admin/upload.php path Parameter XSS

GetSimple CMS 3.1 admin/upload.php path Parameter XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input...

GetSimple CMS 3.1 admin/index.php Multiple Parameter Reflected XSS

GetSimple CMS 3.1 admin/index.php Multiple Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize...

GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS

GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplie...

GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS

GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied...

GetSimple CMS v3.1 - Multiple Web Vulnerabilities

Document Title: =============== GetSimple CMS v3.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=521 Release Date: ============= 2012-05-03 Vulnerability Laboratory ID VL-ID: ==================================== 521 Commo...