
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.

• http://rossmarks.uk/portfolio.php
• http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 12% • CPEs: 1 • EXPL: 2

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. GetSimple CMS version 3.3.4 suffers from an information disclosure vulnerability.

• https://www.exploit-db.com/exploits/49928
• http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html
• http://rossmarks.uk/portfolio.php
• http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.

• http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046
• https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

• https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059
• https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 11 • EXPL: 3

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter. GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.

• http://get-simple.info/start/changelog
• http://karmainsecurity.com/KIS-2014-17
• http://packetstormsecurity.com/files/129778/GetSimple-CMS-3.3.4-XML-External-Entity-Injection.html
• http://seclists.org/fulldisclosure/2014/Dec/135
• https://github.com/GetSimpleCMS/GetSimpleCMS/issues/944