CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9173 – GetSimple CMS 3.3.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. Existe una vulnerabilidad explotable de uso de credenciales embebidas en los puntos de acceso inalámbrico Moxa AWK-3131A que ejecuten la versión 1.1 del firmware. El sistema operativo del dispositivo contiene una cuenta (root) privilegiada y sin documentar con credenciales embebidas, lo que da a los atacantes el control total de los dispositivos afectados. GetSimple CMS version 3.3.13 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44408 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2017-10673
https://notcve.org/view.php?id=CVE-2017-10673
admin/profile.php in GetSimple CMS 3.x has XSS in a name field. admin/profile.php en GetSimple CMS 3.x tiene Cross-Site Scripting (XSS) en un campo name. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8723
https://notcve.org/view.php?id=CVE-2014-8723
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. GetSimple CMS 3.3.4 permite a atacantes remotos obtener información sensible a través de una solicitud directa a (1) plugins/anonymous_data.php o (2) plugins/InnovationPlugin.php, lo que revela la ruta de instalación en un mensaje de error. • http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 2CVE-2014-8722 – GetSimple CMS 3.3.4 - Information Disclosure
https://notcve.org/view.php?id=CVE-2014-8722
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. GetSimple CMS 3.3.4 permite a atacantes remotos obtener información sensible mediante una solicitud directa a (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, o (4) data/other/appid.xml. GetSimple CMS version 3.3.4 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/49928 http://packetstormsecurity.com/files/162906/GetSimple-CMS-3.3.4-Information-Disclosure.html http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5355
https://notcve.org/view.php?id=CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. Múltiples vulnerabilidades de XSS en GetSimple CMS anterior a 3.3.6 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro (1) post-content o (2) post-title en admin/edit.php. • http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046 https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •