462 matches found
CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...
EUVD-2026-3611
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...
CVE-2021-47860
CVE-2021-47860 concerns GetSimple CMS Custom JS 0.1. The vulnerability is a cross-site request forgery that can enable unauthenticated attackers to inject arbitrary client-side code into administrator browsers, potentially triggering a reflected XSS payload to execute remote code on the hosting s...
CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...
EUVD-2026-3660
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47778
CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...
CVE-2021-47778
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
EUVD-2026-3644
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
CVE-2021-47830
GetSimple CMS My SMTP Contact Plugin 1.1.1 is affected by a CSRF vulnerability. An attacker can lure an authenticated administrator to a malicious page to modify SMTP configuration settings, potentially enabling unauthorized changes. The vulnerability is CSRF with no direct remote code execution ...
CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
CVE-2021-47830
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
PT-2026-3799
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
GetSimple Content Management System Cross-Site Request Forgery Vulnerability
GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. The GetSimple Content Management System has a cross-site request forgeing vulnerability, which stems from the existence of cross-site request forgery attacks. This vulnerability may allow...
PT-2026-3822
Name of the Vulnerable Software and Affected Versions GetSimple CMS My SMTP Contact Plugin version 1.1.2 Description A Stored Cross-Site Scripting XSS issue exists where the plugin fails to properly sanitize user input. Although the htmlspecialchars function is used for sanitization, it can be...
PT-2026-3796
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
GetSimple CMS Cross-Site Request Forgery Vulnerability
GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 1.1.1 of GetSimple CMS contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow unauthorized changes to SMTP configuration...
GetSimple CMS cross-site scripting vulnerability
GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 1.1.2 of GetSimple CMS contains a cross-site scripting vulnerability. This vulnerability stems from insufficient cleaning and escaping of characters, which may lead to storage-based cross-site scripting...
GetSimple Content Management System: Code Injection Vulnerability
GetSimple Content Management System is an open-source content management system developed by GetSimpleCMS. Version 1.1.2 of GetSimple Content Management System has a code injection vulnerability. This vulnerability stems from PHP code injection through plugin configuration parameters, which may...