CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 4

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. GetSimple CMS version 3.3.16 suffers from a remote shell upload vulnerability.
References: https://www.exploit-db.com/exploits/51475 • https://github.com/N3rdyN3xus/CVE-2022-41544 • https://github.com/yosef0x01/CVE-2022-41544 • http://packetstormsecurity.com/files/172553/GetSimple-CMS-3.3.16-Shell-Upload.html • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability classified as problematic has been found in GetSimple CMS. It affects the file /admin/edit.php of the Content Module. Manipulating the argument post-content with an input like <script>alert(1)</script> leads to cross-site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
References: https://github.com/joinia/project/blob/main/GetSimple/GetSimplereadme.md • https://vuldb.com/?id.198542
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

GetSimple CMS 3.3.16 allows persistent cross-site scripting via the 'permalink' parameter on the Settings page; the script is executed when you create and open a new page.
References: http://get-simple.info • https://www.exploit-db.com/exploits/48850 • https://www.youtube.com/watch?v=8IMfD5KGt_U
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
References: https://www.exploit-db.com/exploits/49726 • https://github.com/boku7/CVE-2020-23839 • http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
References: https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1313
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')