
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. An exploitable hard-coded credentials vulnerability exists in Moxa AWK-3131A wireless access points running firmware version 1.1. The device's operating system contains an undocumented privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. GetSimple CMS version 3.3.13 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/44408 • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

admin/profile.php in GetSimple CMS 3.x has XSS in a name field. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')