Lucene search
K
Get-simpleGetsimple Cms

26 matches found

CVE
CVE
added 2019/05/22 5:5 p.m.156 views

CVE-2019-11231

GetSimple CMS

9.8CVSS9.6AI score0.71598EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.146 views

CVE-2022-41544

Summary: CVE-2022-41544 affects GetSimple CMS 3.3.16 and earlier. The vulnerability enables remote code execution via the theme editor (admin/theme-edit.php), with proven exploitation paths that upload and execute PHP shells. Public PoCs and exploits exist (GitHub scripts and a PacketsStorm write...

9.8CVSS9.8AI score0.09442EPSS
CVE
CVE
added 2020/01/02 8:21 p.m.110 views

CVE-2013-1420

GetSimple CMS before 3.2.1 has multiple XSS weaknesses allowing remote injection of script/HTML via: (1) id in backup-edit.php; (2) title or (3) menu in edit.php; or (4) path or (5) returnid in filebrowser.php under admin/. Note: path in admin/upload.php is covered by CVE-2012-6621. No public det...

6.1CVSS5.9AI score0.0106EPSS
Web
CVE
CVE
added 2020/09/01 4:40 p.m.98 views

CVE-2020-23839

CVE-2020-23839 affects GetSimple CMS v3.3.16, specifically the admin/index.php login portal. The issue is a reflected XSS caused by improper input validation, enabling an attacker to cause JavaScript execution in an admin user’s browser and potentially harvest credentials after interacting with a...

6.1CVSS6AI score0.10459EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.96 views

CVE-2014-8722

GetSimple CMS 3.3.4 is affected by CVE-2014-8722, enabling information disclosure via direct requests to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, and (4) data/other/appid.xml. Root cause is exposed sensitive data without proper access control. Public expl...

7.5CVSS7.2AI score0.14374EPSS
Web
CVE
CVE
added 2019/09/15 9:22 p.m.92 views

CVE-2019-16333

GetSimple CMS v3.3.15 is affected by a persistent Cross-Site Scripting (XSS) vulnerability in admin/theme-edit.php. The CVE description and connected sources (NVD/NVD mirrors, OpenVAS entry, and related advisories) consistently identify GetSimple CMS 3.3.15 as vulnerable to XSS in that admin page...

5.4CVSS5.3AI score0.00667EPSS
CVE
CVE
added 2018/11/21 9:0 p.m.88 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, an HTML-execution vulnerability exists in the upload handling path. Although admin/upload.php blocks .html uploads, HTML can still be executed via edge cases such as files with no extension or unrecognized extensions (e.g., test or test.asdf) through the interaction with a...

4CVSS4.4AI score0.00777EPSS
CVE
CVE
added 2014/05/14 7:0 p.m.67 views

CVE-2014-1603

CVE-2014-1603 concerns multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 . According to the sources, an attacker can inject arbitrary web script or HTML via the (1) param parameter to admin/load.php, or (2) user , (3) email , or (4) name parameters in a Save Settings acti...

4.3CVSS5.8AI score0.03217EPSS
Web
CVE
CVE
added 2018/11/21 9:0 p.m.67 views

CVE-2018-19421

CVE-2018-19421 affects GetSimpleCMS 3.3.15. The vulnerability arises in the upload handling: admin/upload-uploadify.php and the validation routine in admin/inc/security_functions.php interact with admin/upload.php, which blocks .html uploads but allows Internet Explorer to render HTML elements co...

4CVSS4.5AI score0.00777EPSS
CVE
CVE
added 2018/09/01 10:0 p.m.62 views

CVE-2018-16325

GetSimple CMS 3.4.0.9 is affected by Stored/ reflected XSS via the admin/edit.php title field (CVE-2018-16325). The available connected documents confirm XSS in the title input, but do not provide exploitation details or a patch/mitigation entry. No explicit root-cause or vulnerable vector beyond...

6.1CVSS5.5AI score0.00797EPSS
CVE
CVE
added 2014/01/16 9:0 p.m.61 views

CVE-2012-6621

GetSimple CMS versions 3.1, 3.1.2, 3.2.3 and earlier are affected by multiple cross-site scripting (XSS) vulnerabilities. The issue arises in admin/settings.php (Email Address, Custom Permalink Structure fields), admin/upload.php (path parameter), admin/theme.php (err parameter), admin/pages.php ...

4.3CVSS5.9AI score0.01432EPSS
Web
CVE
CVE
added 2015/07/01 4:0 p.m.60 views

CVE-2015-5356

CVE-2015-5356 is a cross-site scripting (XSS) vulnerability in GetSimple CMS, affecting the admin/filebrowser.php script. The issue occurs in versions before 3.3.6 and allows a remote attacker to inject arbitrary web script or HTML by manipulating the func parameter. The public details consistent...

4.3CVSS5.9AI score0.01786EPSS
CVE
CVE
added 2018/04/02 3:0 a.m.60 views

CVE-2018-9173

CVE-2018-9173 affects GetSimple CMS 3.3.13. A cross‑site scripting vulnerability exists in the SWF file used by the uploadify uploader: admin/template/js/uploadify/uploadify.swf . The root cause is an XSS via the movieName parameter, allowing remote attackers to inject arbitrary web script or HTM...

6.1CVSS5.9AI score0.02496EPSS
CVE
CVE
added 2011/10/05 10:0 a.m.59 views

CVE-2010-4863

GetSimple CMS 2.01 is affected by a Cross-site Scripting (XSS) vulnerability in admin/changedata.php via the post-title parameter. The root cause is an input sanitation error that allows remote attackers to inject arbitrary HTML/JS into a user’s browser. The CVE entry CVE-2010-4863 documents this...

4.3CVSS5.8AI score0.03336EPSS
Web
CVE
CVE
added 2011/11/23 1:0 a.m.58 views

CVE-2010-5052

GetSimple CMS 2.01 is affected by a cross-site scripting (XSS) vulnerability in admin/components.php. The flaw arises from input sanitation in the val[] parameter, allowing remote attackers to inject arbitrary web script or HTML. Exploitation was demonstrated via a crafted POST to /admin/componen...

4.3CVSS5.8AI score0.02987EPSS
Web
CVE
CVE
added 2015/07/01 4:0 p.m.56 views

CVE-2015-5355

CVE-2015-5355 is a confirmed cross-site scripting vulnerability in GetSimple CMS prior to 3.3.6. The flaw arises in admin/edit.php where the parameters for post-content and post-title are not properly filtered, enabling remote attackers to inject arbitrary script/HTML. Affected software: GetSimpl...

4.3CVSS5.9AI score0.01917EPSS
CVE
CVE
added 2014/01/17 3:0 p.m.55 views

CVE-2013-7243

CVE-2013-7243 concerns GetSimple CMS versions 3.1.2 and 3.2.3, which are vulnerable to multiple cross-site scripting (XSS) vulnerabilities. The weaknesses allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php and (2) Display name field to settings.p...

4.3CVSS5.9AI score0.01854EPSS
CVE
CVE
added 2022/04/27 7:50 a.m.55 views

CVE-2022-1503

CVE-2022-1503 affects GetSimple CMS, where the vulnerability resides in the Content Module’s file /admin/edit.php . The root cause is improper handling of the argument post-content, allowing cross-site scripting (XSS) when an input like is processed. The advisory notes that the attack can be lau...

5.4CVSS4.5AI score0.00649EPSS
Web
CVE
CVE
added 2018/09/16 9:0 p.m.54 views

CVE-2018-17103

GetSimple CMS v3.3.13 is affected by a CSRF vulnerability that can change the administrator password via admin/settings.php. The issue is evidenced in multiple sources (NVD/CVE-2018-17103, CNVD-2018-19747, OSV, CVE records). The root cause is a CSRF flaw possibly related to nonce handling, enabli...

8.8CVSS8.7AI score0.0065EPSS
CVE
CVE
added 2018/08/25 9:0 p.m.52 views

CVE-2018-15843

GetSimple CMS 3.3.14 is vulnerable to Cross-Site Scripting (XSS) through the admin/edit.php “Add New Page” field. The CNVD entry attributes the issue to inadequate filtering of the Add New Page input in GetSimple CMS 3.3.14, enabling a remote attacker to inject arbitrary web script or HTML. The C...

4.8CVSS4.8AI score0.00624EPSS
CVE
CVE
added 2015/01/20 3:0 p.m.50 views

CVE-2014-8790

GetSimple CMS 3.1.1–3.3.x (before 3.3.5 Beta 1) is affected by an XML External Entity (XXE) vulnerability in admin/api.php. The issue arises from passing unsanitized POST data to simplexml_load_string(), enabling an attacker to disclose arbitrary files via the data parameter. Impact is consistent...

5CVSS6.9AI score0.02539EPSS
Web
CVE
CVE
added 2017/06/29 8:0 a.m.50 views

CVE-2017-10673

CVE-2017-10673 affects GetSimple CMS 3.x; the admin/profile.php name field is vulnerable to cross-site scripting (XSS). The root cause is improper handling/escaping of the name value, enabling injection of arbitrary script/HTML. Impact is limited to contexts where the vulnerable profile name is r...

6.1CVSS5.9AI score0.00651EPSS
Web
CVE
CVE
added 2018/10/01 8:0 a.m.50 views

CVE-2018-17835

GetSimple CMS 3.3.15 is affected by CVE-2018-17835. The issue is a stored XSS: an administrator can inject malicious payload via the admin/settings.php Custom Permalink Structure parameter, which then contaminates any page created at the admin/pages.php URI. The vulnerability is rooted in imprope...

4.8CVSS4.7AI score0.0067EPSS
CVE
CVE
added 2020/10/01 1:50 p.m.47 views

CVE-2020-24861

GetSimple CMS 3.3.16 is affected by a persistent Cross Site Scripting vulnerability on the Settings page via the permal ink parameter when creating/opening a new page. Root cause: unsanitized input in the permalink parameter. Impact: XSS execution in the user context. Exploitation status not prov...

5.4CVSS5.3AI score0.00881EPSS
CVE
CVE
added 2018/12/31 3:0 p.m.46 views

CVE-2018-19845

CVE-2018-19845 is a stored XSS in GetSimple CMS. Multiple connected documents confirm the vulnerability in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter (and related CVE-2018-16325). CNVD/OSV/ CNVD entries also reference GetSimple CMS 3.4.0.9 and the admin/edit.php title field...

5.4CVSS5.5AI score0.0057EPSS
CVE
CVE
added 2017/03/17 2:0 p.m.44 views

CVE-2014-8723

GetSimple CMS 3.3.4 is affected. A information-disclosure vulnerability allows remote attackers to obtain the installation path by visiting direct URLs plugins/anonymous_data.php or plugins/InnovationPlugin.php, exposing sensitive info in error messages. The issue is documented across multiple so...

5.3CVSS5.1AI score0.01178EPSS