CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1420 – GetSimple CMS 3.1.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-1420
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en GetSimple CMS versiones anteriores a la versión 3.2.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) id en el archivo backup-edit.php; (2) title o (3) parámetro menu en el archivo edit.php; o (4) path o (5) parámetro returnid en el archivo filebrowser.php en admin/. NOTA: el parámetro path en el vector admin/upload.php ya está cubierto por CVE-2012-6621. GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html http://get-simple.info/changelog https://www.htbridge.com/advisory/HTB23141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5052 – Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-5052
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/components.php en GetSimple CMS v2.01, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro val[]. • https://www.exploit-db.com/exploits/34041 http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms.html http://www.securityfocus.com/archive/1/511458/100/0/threaded http://www.securityfocus.com/bid/40374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2010-4863 – Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4863
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admin/changedata.php de GetSimple CMS 2.01. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro post-title. • https://www.exploit-db.com/exploits/34789 http://packetstormsecurity.org/1009-exploits/getsimplecms201-xss.txt http://securityreason.com/securityalert/8420 http://www.htbridge.ch/advisory/xss_vulnerability_in_getsimple_cms_1.html http://www.securityfocus.com/archive/1/514043/100/0/threaded http://www.securityfocus.com/bid/43593 https://exchange.xforce.ibmcloud.com/vulnerabilities/62177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •