CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2014-1603 – GetSimple CMS 3.3.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1603
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php. Múltiples vulnerabilidades de XSS en GetSimple CMS 3.3.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro param hacia admin/load.php o el parámetro (2) user, (3) email o (4) name en una acción Save Settings hacia admin/settings.php. GetSimple CMS version 3.3.1 suffers from persistent and reflective cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43888 http://seclists.org/fulldisclosure/2014/May/53 http://www.securityfocus.com/bid/67337 https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6621
https://notcve.org/view.php?id=CVE-2012-6621
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php. Múltiples vulnerabilidades de XSS en GetSimple CMS 3.1, 3.1.2, 3.2.3, y anteriores versiones permiten a atacantes remotos inyectar script Web o HTML arbitrario a través de los campos (1) Email Address o (2) Custom Permalink Structure en admin/settings.php; (3) parámetro path hacia admin/upload.php; (4) parámetro err hacia admin/theme.php; (5) parámetro error hacia admin/pages.php; o (6) parámetros success o (7) err hacia admin/index.php. • http://packetstormsecurity.com/files/124711 http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html http://secunia.com/advisories/49137 http://www.securityfocus.com/bid/53501 http://www.vulnerability-lab.com/get_content.php?id=521 https://exchange.xforce.ibmcloud.com/vulnerabilities/75534 https://exchange.xforce.ibmcloud.com/vulnerabilities/75535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2013-7243 – GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-7243
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621. Múltiples vulnerabilidades cross-site scripting (XSS) en GetSimple CMS v3.1.2 y v3.2.3 permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a través (1) del campo post-menu de edit.php o (2) el campo Display en settings.php. NOTA: La estructura "Custom Permalink" y el campo "Email Address" está recogido en el CVE-2012-6621. GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities. • http://osvdb.org/101922 http://packetstormsecurity.com/files/124711 https://exchange.xforce.ibmcloud.com/vulnerabilities/90191 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1420 – GetSimple CMS 3.1.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-1420
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en GetSimple CMS versiones anteriores a la versión 3.2.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) id en el archivo backup-edit.php; (2) title o (3) parámetro menu en el archivo edit.php; o (4) path o (5) parámetro returnid en el archivo filebrowser.php en admin/. NOTA: el parámetro path en el vector admin/upload.php ya está cubierto por CVE-2012-6621. GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html http://get-simple.info/changelog https://www.htbridge.com/advisory/HTB23141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5052 – Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-5052
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/components.php en GetSimple CMS v2.01, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro val[]. • https://www.exploit-db.com/exploits/34041 http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html http://www.securityfocus.com/archive/1/511458/100/0/threaded http://www.securityfocus.com/bid/40374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •