CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2013-7243 – GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-7243
07 Jan 2014 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621. Múltiples vulnerabilidades cross-site scripting (XSS) en GetSimple CMS v3.1.2 y v3.2.3 permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a través (1) del campo ... • https://packetstorm.news/files/id/124711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 22EXPL: 1CVE-2012-6621 – GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6621
07 Jan 2014 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php. Múltiples vulnerabilidades de XSS en GetSimple CMS 3.1, 3.1.2, 3.2.3, y anteriores ver... • https://packetstorm.news/files/id/124711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5052 – Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-5052
23 Nov 2011 — Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/components.php en GetSimple CMS v2.01, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro val[]. • https://www.exploit-db.com/exploits/34041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2010-4863 – Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4863
05 Oct 2011 — Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admin/changedata.php de GetSimple CMS 2.01. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro post-title. • https://www.exploit-db.com/exploits/34789 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •