CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

EUVD-2026-3608

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

PT-2026-3822

Name of the Vulnerable Software and Affected Versions GetSimple CMS My SMTP Contact Plugin version 1.1.2 Description A Stored Cross-Site Scripting XSS issue exists where the plugin fails to properly sanitize user input. Although the htmlspecialchars function is used for sanitization, it can be...

Apple macOS ImageIO DDS image out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the DDS image parsing functionality of ImageIO library on Apple macOS Big Sur 11.6.1 and iOS 15.1. A specially-crafted DDS file can disclose sensitive memory content which can aid in exploitation of other vulnerabilities. An attacker can deliv...

Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (winxp)

Exploit for unknown platform in category remote exploits ==================================================================== Amaya Web Browser 11 bdo tag Remote Stack Overflow Exploit winxp ==================================================================== !/usr/bin/perl Amaya 11 bdo tag remot...