CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1503 – GetSimple CMS Content Module edit.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-1503
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. • https://github.com/joinia/project/blob/main/GetSimple/GetSimplereadme.md https://vuldb.com/?id.198542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0355 – Improper Removal of Sensitive Information Before Storage or Transfer in feross/simple-get
https://notcve.org/view.php?id=CVE-2022-0355
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. Una Exposición de Información Confidencial a un Actor no Autorizado en NPM simple-get versiones anteriores a 4.0.1 • https://github.com/advisories/GHSA-wpg7-2c88-r8xv https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36601
https://notcve.org/view.php?id=CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. GetSimpleCMS versión 3.3.16, contiene una vulnerabilidad de tipo cross-site Scripting (XSS), donde la función TSL no filtra la comprobación de la URL del sitio web settings.php: parámetro "siteURL" • https://github.com/kk98kk0/exploit/blob/dbd10a47b0585ba4c673c952a280d502294cdbf4/GetSimpleCMS-3.3.16-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21353
https://notcve.org/view.php?id=CVE-2020-21353
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el archivo /admin/snippets.php de GetSimple CMS versión3.4.0a, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el módulo Edit Snippets • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18660
https://notcve.org/view.php?id=CVE-2020-18660
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. GetSimpleCMS versiones anteriores a 3.3.15 incluyéndola, presenta un redireccionamiento abierto en el archivo admin/changedata.php por medio de la función redirect al parámetro url • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1310 https://github.com/LoRexxar/CVE_Request/blob/master/getsimplecms%20v3.3.15/getsimplecms_before_v3.3.15.md https://www.seebug.org/vuldb/ssvid-97928 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •