Getsimple Cms@3.3.15 Security Vulnerabilities and Issues — Getsimple Cms@3.3.15 CVE List

Lucene search

Get-simpleGetsimple Cms3.3.15

4 matches found

CVE•added 2019/09/15 10:15 p.m.•73 views

CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2018/11/21 9:29 p.m.•52 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in...

4CVSS4.4AI score0.00221EPSS

CVE•added 2018/11/21 9:29 p.m.•48 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

4CVSS4.5AI score0.00221EPSS

CVE•added 2018/10/01 8:29 a.m.•32 views

CVE-2018-17835

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.

4.8CVSS4.7AI score0.00235EPSS