Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Getsimplecms Security Vulnerabilities

cve
cve

CVE-2020-18191

GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php

9.1CVSS

9.2AI Score

0.003EPSS

2020-10-02 02:15 PM
21
cve
cve

CVE-2020-18657

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

6.1CVSS

6.1AI Score

0.001EPSS

2021-06-23 07:15 PM
41
5
cve
cve

CVE-2020-18658

Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.

6.1CVSS

6.2AI Score

0.001EPSS

2021-06-23 07:15 PM
56
5
cve
cve

CVE-2020-18659

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php

6.1CVSS

6.3AI Score

0.001EPSS

2021-06-23 07:15 PM
55
5
cve
cve

CVE-2020-18660

GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.

6.1CVSS

6.5AI Score

0.001EPSS

2021-06-23 09:15 PM
49
5
cve
cve

CVE-2020-20389

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.

4.8CVSS

5AI Score

0.001EPSS

2021-06-23 03:15 PM
26
2
cve
cve

CVE-2020-20391

Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.

5.4CVSS

5.4AI Score

0.001EPSS

2021-06-23 03:15 PM
20
2
cve
cve

CVE-2020-21353

A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module.

5.4CVSS

5.4AI Score

0.001EPSS

2021-08-06 11:15 PM
68
4
cve
cve

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.

7.2CVSS

7.4AI Score

0.003EPSS

2021-06-23 01:15 PM
24
4
cve
cve

CVE-2021-28977

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,

4.8CVSS

5.2AI Score

0.001EPSS

2021-06-23 01:15 PM
21
cve
cve

CVE-2021-36601

GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2021-08-10 03:15 PM
26
cve
cve

CVE-2023-46040

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.

5.4CVSS

5.8AI Score

0.001EPSS

2023-10-31 02:15 AM
52
cve
cve

CVE-2023-46042

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().

9.8CVSS

9.4AI Score

0.007EPSS

2023-10-19 03:15 PM
35
cve
cve

CVE-2023-51246

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.

5.4CVSS

5.3AI Score

0.0004EPSS

2024-01-08 08:15 PM
15
cve
cve

CVE-2023-6188

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

9.8CVSS

9.7AI Score

0.002EPSS

2023-11-17 06:15 PM
66