CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1420
https://notcve.org/view.php?id=CVE-2013-1420
02 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en GetSimple CMS versiones anteriores a la versión 3.2.1, p... • http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 4CVE-2019-11231 – GetSimpleCMS - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11231
16 May 2019 — An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by... • https://packetstorm.news/files/id/152961 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2017-10673
https://notcve.org/view.php?id=CVE-2017-10673
29 Jun 2017 — admin/profile.php in GetSimple CMS 3.x has XSS in a name field. admin/profile.php en GetSimple CMS 3.x tiene Cross-Site Scripting (XSS) en un campo name. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5355
https://notcve.org/view.php?id=CVE-2015-5355
01 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. Múltiples vulnerabilidades de XSS en GetSimple CMS anterior a 3.3.6 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro (1) post-content o (2) post-title en admin/edit.php. • http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5356
https://notcve.org/view.php?id=CVE-2015-5356
01 Jul 2015 — Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. Vulnerabilidad de XSS en admin/filebrowser.php en GetSimple CMS anterior a 3.3.6 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro func. • https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 4CVE-2014-8790 – GetSimple CMS 3.3.4 XML External Entity Injection
https://notcve.org/view.php?id=CVE-2014-8790
31 Dec 2014 — XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter. Vulnerabilidad de entidad externa XML (XXE) en admin/api.php en GetSimple CMS 3.1.1 hasta 3.3.x anterior a 3.3.5 Beta 1, cuando está en ciertas configuraciones, permite a atacantes remotos leer ficheros arbitrarios a través del parámetro data. GetSimple CMS versions 3.1.1 through 3.3.4 suffer... • https://packetstorm.news/files/id/129778 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2014-1603 – GetSimple CMS 3.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1603
13 May 2014 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php. Múltiples vulnerabilidades de XSS en GetSimple CMS 3.3.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro param hacia admin/load.php o el parámetro (2) user, (3) email o ... • https://packetstorm.news/files/id/126598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2013-7243 – GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-7243
07 Jan 2014 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621. Múltiples vulnerabilidades cross-site scripting (XSS) en GetSimple CMS v3.1.2 y v3.2.3 permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a través (1) del campo ... • https://packetstorm.news/files/id/124711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 22EXPL: 1CVE-2012-6621 – GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6621
07 Jan 2014 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php. Múltiples vulnerabilidades de XSS en GetSimple CMS 3.1, 3.1.2, 3.2.3, y anteriores ver... • https://packetstorm.news/files/id/124711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5052 – Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-5052
23 Nov 2011 — Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/components.php en GetSimple CMS v2.01, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro val[]. • https://www.exploit-db.com/exploits/34041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •