CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Nov 2024 — A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Zeynalxan/zero-day/blob/main/GetSimpleCMS-CVE.md • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Jan 2024 — A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. • https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

17 Nov 2023 — A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Oct 2023 — Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. • https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

19 Oct 2023 — An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). • https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 4% • CPEs: 1 • EXPL: 6

18 Oct 2022 — GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. GetSimple CMS version 3.3.16 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/172553

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Apr 2022 — A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. • https://github.com/joinia/project/blob/main/GetSimple/GetSimplereadme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

26 Jan 2022 — Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get versions prior to 4.0.1. • https://github.com/advisories/GHSA-wpg7-2c88-r8xv • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Aug 2021 — GetSimpleCMS 3.3.16 contains a cross-site scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. • https://github.com/kk98kk0/exploit/blob/dbd10a47b0585ba4c673c952a280d502294cdbf4/GetSimpleCMS-3.3.16-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Aug 2021 — A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')