Filtered by vendor Get-simple
Filtered by product Getsimple Cms
Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19420 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | ||||
CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | ||||
CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter | ||||
CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | ||||
CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | ||||
CVE-2013-1420 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. |