43681 matches found

RedhatCVE
added 2026/01/22 5:34 p.m. | 7 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

CVSS 8.5 | AI score 6 | EPSS 0.00226
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/22 5:34 p.m. | 5 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6 | AI score 6.7 | EPSS 0.0109
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 8 views

PT-2026-7943

Name of the Vulnerable Software and Affected Versions: Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6. Description: A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

CVSS 5.1 | AI score 5.5 | EPSS 0.00253
Exploits: 1 | References: 10

GithubExploit
added 2026/01/21 10:17 p.m. | 166 views

Exploit for Cross-site Scripting in Exponentcms Exponent_Cms

Synthetic Test Case: CVE-2017-8085 CWE: CWE-79 Origin...

CVSS 6.1 | AI score 5.6 | EPSS 0.01147
Exploits: 1

NVD
added 2026/01/21 6:16 p.m. | 7 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

CVSS 5.4 | EPSS 0.00229
Exploits: 1 | References: 5

OSV
added 2026/01/21 6:16 p.m. | 5 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

CVSS 5.4 | AI score 5.9 | EPSS 0.00229
Exploits: 1 | References: 5

OSV
added 2026/01/21 6:16 p.m. | 3 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

CVSS 4.3 | AI score 6.2 | EPSS 0.00226
Exploits: 1 | References: 6

OSV
added 2026/01/21 6:16 p.m. | 4 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 6.5 | AI score 6 | EPSS 0.00349
Exploits: 1 | References: 5

NVD
added 2026/01/21 6:16 p.m. | 8 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 6.5 | EPSS 0.00349
Exploits: 1 | References: 5

OSV
added 2026/01/21 6:16 p.m. | 2 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 7.2 | AI score 6.4 | EPSS 0.0109
Exploits: 1 | References: 5

EUVD
added 2026/01/21 5:32 p.m. | 5 views

EUVD-2026-3608

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 7

Cvelist
added 2026/01/21 5:32 p.m. | 20 views

CVE-2021-47870 GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

CVSS 4.8 | EPSS 0.00229
Exploits: 1 | References: 5

CVE
added 2026/01/21 5:32 p.m. | 13 views

CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

CVSS 5.4 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/01/21 5:32 p.m. | 3 views

CVE-2021-47870 GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

CVSS 4.8 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/21 5:29 p.m. | 2 views

CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

CVSS 8.5 | AI score 6 | EPSS 0.00226
Exploits: 1 | References: 6

CVE
added 2026/01/21 5:29 p.m. | 10 views

CVE-2021-47860

CVE-2021-47860 concerns GetSimple CMS Custom JS 0.1. The vulnerability is a cross-site request forgery that can enable unauthenticated attackers to inject arbitrary client-side code into administrator browsers, potentially triggering a reflected XSS payload to execute remote code on the hosting s...

CVSS 8.5 | AI score 6 | EPSS 0.00226
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2026/01/21 5:29 p.m. | 16 views

CVE-2021-47860 GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

CVSS 8.5 | EPSS 0.00226
Exploits: 1 | References: 6

ATTACKERKB
added 2026/01/21 5:29 p.m. | 3 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6 | AI score 6.6 | EPSS 0.0109
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/01/21 5:29 p.m. | 3 views

EUVD-2026-3660

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6 | AI score 6.7 | EPSS 0.0109
Exploits: 1 | References: 7

Vulnrichment
added 2026/01/21 5:29 p.m. | 3 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

CVSS 8.6 | AI score 6.7 | EPSS 0.0109
Exploits: 1 | References: 5