Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.6 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.5 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References1
NVD
NVD
added 2026/01/21 6:16 p.m.8 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4CVSS0.00229EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 6:16 p.m.5 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4CVSS5.9AI score0.00229EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

6.5CVSS6AI score0.00349EPSS
Exploits1References5
NVD
NVD
added 2026/01/21 6:16 p.m.8 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

6.5CVSS0.00349EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

7.2CVSS6.4AI score0.0109EPSS
Exploits1References5
CVE
CVE
added 2026/01/21 5:32 p.m.13 views

CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/01/21 5:32 p.m.6 views

EUVD-2026-3608

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.8AI score0.00229EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/01/21 5:29 p.m.3 views

CVE-2021-47778

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.6AI score0.0109EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/01/21 5:29 p.m.4 views

EUVD-2026-3660

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3796

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-16035

Malware in sbrugna...

6.5CVSS6.6AI score0.00557EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:35 p.m.5 views

CVE-2021-29400

A cross-site request forgery CSRF vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...

6.5CVSS7AI score0.00557EPSS
Exploits1References1
OSV
OSV
added 2021/08/10 11:15 p.m.4 views

CVE-2021-29400

A cross-site request forgery CSRF vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...

6.5CVSS5.8AI score0.00557EPSS
Exploits1References1
Prion
Prion
added 2021/08/10 11:15 p.m.16 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...

4.3CVSS6.5AI score0.00557EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/10 10:30 p.m.20 views

CVE-2021-29400

A cross-site request forgery CSRF vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...

6.7AI score0.00557EPSS
Exploits1References1
CVE
CVE
added 2021/08/10 10:30 p.m.61 views

CVE-2021-29400

CVE-2021-29400 is a cross-site request forgery in the GetSimple CMS environment, affecting the My SMTP Contact plugin v1.1.1. The issue permits an unauthenticated attacker to induce an admin, visiting a malicious site, to change SMTP settings for the CMS contact forms through CSRF. The current so...

6.5CVSS6.4AI score0.00557EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.3 views

GetSimple CMS 跨站请求伪造漏洞

GetSimple CMS is a content management system CMS written in PHP. A security vulnerability exists in the My SMTP Contact v1.1.1 plugin for GetSimple CMS, which stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit the vulnerability to execute...

6.5CVSS6.7AI score0.00557EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2021/04/23 12:15 a.m.3 views

gsSMTP-Csrf2Xss2RCE

GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to Stor...

6.3AI score
Exploits0
Rows per page
Query Builder