Page 6 of 43 results (0.009 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-19421

https://notcve.org/view.php?id=CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero Internet Explorer renderiza los elementos HTML en un archivo .eml. Esto se debe a admin/upload-uploadify.php y validate_safe_file en admin/inc/security_functions.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-17835

https://notcve.org/view.php?id=CVE-2018-17835

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. Se ha descubierto un problema en GetSimple CMS 3.3.15. Un administrador puede insertar Cross-Site Scripting (XSS) persistente mediante el parámetro Custom Permalink Structure en admin/settings.php, lo que inyecta la carga útil de XSS en cualquier página creada en el URI admin/pages.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-17103

https://notcve.org/view.php?id=CVE-2018-17103

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter ** EN DISPUTA ** Se ha descubierto un problema en GetSimple CMS v3.3.13. Hay una vulnerabilidad CSRF que puede cambiar la contraseña del administrador mediante admin settings.php. NOTA: el fabricante informa de que el PoC estaba enviando un valor para el parámetro nonce. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-16325

https://notcve.org/view.php?id=CVE-2018-16325

There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. Hay Cross-Site Scripting (XSS) en GetSimple CMS 3.4.0.9 mediante el campo title en admin/edit.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-15843

https://notcve.org/view.php?id=CVE-2018-15843

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. GetSimple CMS 3.3.14 tiene Cross-Site Scripting (XSS) mediante el campo "Add New Page" en admin/edit.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •