Lucene search
Get-simpleGetsimple Cms3.3.13
2 matches found
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
6.1CVSS5.9AI score0.005EPSS
CVE-2018-17103
An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
8.8CVSS8.7AI score0.00141EPSS