Get-simple Getsimplecms

21 matches found

added 2023/10/31 12:0 a.m. | 96 views

CVE-2023-46040

GetSimpleCMS, version 3.4.0a, contains a Cross-Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. The issue is documented across multiple sources (CVE-2023-46040) and is categorized as CVSS 3.1: Medium (ATT&CK...

CVSS 5.4 | AI score 5.8 | EPSS 0.00504

added 2023/11/17 5:31 p.m. | 89 views

CVE-2023-6188

GetSimpleCMS 3.3.16/3.4.0a exposes a vulnerability in /admin/theme-edit.php allowing code injection. The issue can be triggered remotely; public exploit activity is noted. Mitigation per PT-2023-32557: restrict access to /admin/theme-edit.php or avoid using theme-edit.php until a patch is availab...

CVSS 9.8 | AI score 6.4 | EPSS 0.00972

added 2021/08/06 10:36 p.m. | 88 views

CVE-2020-21353

CVE-2020-21353 affects GetSimple CMS version 3.4.0a. A stored XSS exists in /admin/snippets.php via crafted payload in the Edit Snippets module, enabling execution of arbitrary web scripts/HTML if a user views the crafted content. No exploitation details or fixes are provided in the supplied docu...

CVSS 5.4 | AI score 5.4 | EPSS 0.00549 | Web

added 2021/06/23 6:54 p.m. | 78 views

CVE-2020-18658

CVE-2020-18658 is a cross-site scripting vulnerability in GetSimpleCMS, affecting versions ≤ 3.3.15. The XSS is triggered via the timezone parameter in settings.php, allowing an attacker to inject malicious script. Connected sources also reference that GetSimple CMS versions earlier than 3.3.16 a...

CVSS 6.1 | AI score 6.2 | EPSS 0.01371

added 2021/06/23 6:59 p.m. | 74 views

CVE-2020-18659

CVE-2020-18659 affects GetSimpleCMS up to version 3.3.15. A stored/reflected cross-site scripting vulnerability exists in the admin setup page: /admin/setup.php accepts user-controlled values for sitename, username, and email, enabling XSS. Connected sources consistently describe GetSimpleCMS

CVSS 6.1 | AI score 6.3 | EPSS 0.01298 | Web

added 2021/06/23 8:19 p.m. | 72 views

CVE-2020-18660

GetSimpleCMS

CVSS 6.1 | AI score 6.5 | EPSS 0.01285 | Web

added 2021/06/23 6:43 p.m. | 62 views

CVE-2020-18657

GetSimpleCMS vulnerability CVE-2020-18657: XSS in admin/changedata.php via the redirect_url parameter and the headers_sent function affects GetSimpleCMS versions up to 3.3.15. Connected sources (NVD, RH OpenRedHat, CNVD, OSV, CVE CNVD/CNNVD entries) consistently describe a cross-site scripting fl...

CVSS 6.1 | AI score 6.1 | EPSS 0.01371 | Web

added 2023/10/19 12:0 a.m. | 58 views

CVE-2023-46042

GetSimpleCMS v3.4.0a is affected by a remote code execution vulnerability triggered by a crafted payload to phpinfo(). The issue is described across multiple sources (NVD, Red Hat, CNNVD, CVE listings, PT-Security, etc.) with no public details on the exact fix version in the provided documents. R...

CVSS 9.8 | AI score 9.4 | EPSS 0.22611

added 2021/06/23 12:36 p.m. | 55 views

CVE-2021-28976

CVE-2021-28976 affects GetSimpleCMS versions prior to 3.3.16, with a remote code execution vulnerability in admin/upload.php exploitable through PHAR file uploads. The connected sources confirm a phar-based attack chain leading to RCE (e.g., PoCs and exploits in Exploit-DB/PacketStorm) and indica...

CVSS 7.2 | AI score 7.4 | EPSS 0.07548 | Web

added 2024/11/12 2:31 p.m. | 52 views

CVE-2024-11125

GetSimpleCMS 3.3.16 is affected by a cross-site request forgery involving the /admin/profile.php endpoint. The issue’s root cause is related to processing in that file, enabling an attacker to perform CSRF remotely. Multiple sources (NVD, RH Red Hat, OSV, CVE records) corroborate the vulnerabilit...

CVSS 6.9 | AI score 4.5 | EPSS 0.00367

added 2024/01/08 12:0 a.m. | 45 views

CVE-2023-51246

CVE-2023-51246 concerns GetSimple CMS 3.3.16 where an XSS exists when a backend user adds articles via /admin/edit.php with Source Code Mode active. The root cause is inadequate filtering/escaping of user-supplied data during article creation, leading to arbitrary script execution. Affected produ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00326

added 2021/08/10 2:5 p.m. | 43 views

CVE-2021-36601

CVE-2021-36601 affects GetSimpleCMS 3.3.16: an XSS vulnerability exists in the siteURL parameter of admin/settings.php, caused by inadequate filtering (described as Function TSL not filtering the check). Multiple sources (Red Hat, NVD/NVD-variant, OSV, OpenVAS, etc.) corroborate a cross-site scri...

CVSS 6.1 | AI score 5.9 | EPSS 0.00937

added 2021/06/23 2:35 p.m. | 42 views

CVE-2020-20389

CVE-2020-20389 is a reported cross-site scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a, located in admin/edit.php. The vulnerability is documented across multiple sources (NVD, CNVD, OSV, Red Hat, OpenVAS, CVE list) with the same description, indicating an XSS flaw in GetSimpleCMS. CVSS dat...

CVSS 4.8 | AI score 5 | EPSS 0.00589

added 2020/10/02 1:19 p.m. | 41 views

CVE-2020-18191

GetSimpleCMS-3.3.15 is affected by a directory traversal vulnerability. Remote attackers can delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php. Root cause: unvalidated directory traversal in the admin log handling. Impact: potential unauthorized file deletion. Exploitation details and...

CVSS 9.1 | AI score 9.2 | EPSS 0.02066 | Web

added 2021/06/23 2:43 p.m. | 38 views

CVE-2020-20391

CVE-2020-20391 targets GetSimpleCMS 3.4.0a, with a Cross-Site Scripting vulnerability in admin/snippets.php triggered via Add Snippet and Save snippets. The connected entries confirm the affected product/version and vulnerability type (XSS) but do not provide concrete root-cause details beyond th...

CVSS 5.4 | AI score 5.4 | EPSS 0.00581

added 2021/06/23 12:44 p.m. | 37 views

CVE-2021-28977

GetSimpleCMS 3.3.16 is affected by a cross-site scripting vulnerability in admin/upload.php. The issue arises from injecting comments or file header data into content stored in xla, pages, and gzip files, enabling XSS. Multiple connected sources (including Red Hat, CNVD/CNNVD, OSV, CVE registry) ...

CVSS 4.8 | AI score 5.2 | EPSS 0.00506 | Web

added 2025/07/25 3:51 p.m. | 18 views

CVE-2013-10032

CVE-2013-10032 affects GetSimpleCMS 3.2.1 via upload.php, where authenticated users can upload arbitrary files without proper MIME/extension validation, allowing a disguised .pht containing PHP code to be placed in the web root and executed. Root cause: blacklist-based filtering instead of a whit...

CVSS 8.8 | AI score 7.6 | EPSS 0.02484

added 2026/01/21 5:29 p.m. | 15 views

CVE-2021-47778

CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...

CVSS 8.6 | AI score 6.7 | EPSS 0.0109

added 2026/01/21 5:32 p.m. | 13 views

CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

CVSS 5.4 | AI score 5.8 | EPSS 0.00229

added 2026/01/21 5:27 p.m. | 12 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 is affected by a CSRF vulnerability. An attacker can lure an authenticated administrator to a malicious page to modify SMTP configuration settings, potentially enabling unauthorized changes. The vulnerability is CSRF with no direct remote code execution ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00349

added 2026/01/21 5:29 p.m. | 10 views

CVE-2021-47860

CVE-2021-47860 concerns GetSimple CMS Custom JS 0.1. The vulnerability is a cross-site request forgery that can enable unauthenticated attackers to inject arbitrary client-side code into administrator browsers, potentially triggering a reflected XSS payload to execute remote code on the hosting s...

CVSS 8.5 | AI score 6 | EPSS 0.00226