Lucene search

K

5 matches found

CVE
CVE
added 2019/05/22 6:29 p.m.110 views

CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to th...

9.8CVSS9.6AI score0.61684EPSS
CVE
CVE
added 2020/01/02 9:15 p.m.92 views

CVE-2013-1420

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin...

6.1CVSS5.9AI score0.00475EPSS
CVE
CVE
added 2015/07/01 4:59 p.m.37 views

CVE-2015-5355

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.

4.3CVSS5.9AI score0.00296EPSS
CVE
CVE
added 2014/01/16 9:55 p.m.36 views

CVE-2012-6621

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err...

4.3CVSS5.9AI score0.00475EPSS
CVE
CVE
added 2015/07/01 4:59 p.m.36 views

CVE-2015-5356

Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

4.3CVSS5.9AI score0.00296EPSS