
CVE-2018-17835
https://notcve.org/view.php?id=CVE-2018-17835
01 Oct 2018 — An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-17103
https://notcve.org/view.php?id=CVE-2018-17103
16 Sep 2018 — ** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-16325
https://notcve.org/view.php?id=CVE-2018-16325
01 Sep 2018 — There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-15843
https://notcve.org/view.php?id=CVE-2018-15843
25 Aug 2018 — GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-9173 – GetSimple CMS 3.3.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9173
02 Apr 2018 — Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. • https://packetstorm.news/files/id/147064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-10673
https://notcve.org/view.php?id=CVE-2017-10673
29 Jun 2017 — admin/profile.php in GetSimple CMS 3.x has XSS in a name field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8723
https://notcve.org/view.php?id=CVE-2014-8723
17 Mar 2017 — GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. • http://rossmarks.uk/portfolio.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-8722 – GetSimple CMS 3.3.4 - Information Disclosure
https://notcve.org/view.php?id=CVE-2014-8722
17 Mar 2017 — GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/

CVE-2015-5355
https://notcve.org/view.php?id=CVE-2015-5355
01 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. • http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-5356
https://notcve.org/view.php?id=CVE-2015-5356
01 Jul 2015 — Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. • https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')