CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 6CVE-2022-41544 – GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-41544
18 Oct 2022 — GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. Se ha detectado que GetSimple CMS versión v3.3.16, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del parámetro edited_file en el archivo admin/theme-edit.php GetSimple CMS version 3.3.16 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/172553 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1503 – GetSimple CMS Content Module edit.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-1503
27 Apr 2022 — A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. • https://github.com/joinia/project/blob/main/GetSimple/GetSimplereadme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-24861
https://notcve.org/view.php?id=CVE-2020-24861
01 Oct 2020 — GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page GetSimple CMS versión 3.3.16, permite en el parámetro "permalink" en la página Settings un ataque de tipo Cross Site Scripting persistente que es ejecutado cuando creas y abres una nueva página • http://get-simple.info • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2020-23839 – GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-23839
01 Sep 2020 — A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. Una vulnerabilidad Cross-Site Scripting (XSS) Reflejado en GetSimple CMS versión v3.3.16, en la página web del portal de inicio de sesión admin/index.php, permite a atacantes remotos ejecutar código JavaSc... • https://packetstorm.news/files/id/162016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1420
https://notcve.org/view.php?id=CVE-2013-1420
02 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en GetSimple CMS versiones anteriores a la versión 3.2.1, p... • http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16333
https://notcve.org/view.php?id=CVE-2019-16333
15 Sep 2019 — GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. GetSimple CMS versión v3.3.15, presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en el archivo admin/theme-edit.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 4CVE-2019-11231 – GetSimpleCMS - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11231
16 May 2019 — An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by... • https://packetstorm.news/files/id/152961 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19845
https://notcve.org/view.php?id=CVE-2018-19845
31 Dec 2018 — There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. Hay Cross-Site Scripting (XSS) persistente en la versión 3.3.12 de GetSimple mediante el parámetro "post-menu" en admin/edit.php. Este problema está relacionado con CVE-2018-16325. • https://github.com/security-breachlock/CVE-2018-19845/blob/master/XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19420
https://notcve.org/view.php?id=CVE-2018-19420
21 Nov 2018 — In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero hay varios casos alternativos en los que se puede ejecutar HTML, como con un archivo sin extensión o c... • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19421
https://notcve.org/view.php?id=CVE-2018-19421
21 Nov 2018 — In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero Internet Explorer renderiza los elementos HTML en un archivo .eml. Esto se debe a admin/upload-uploadify.php y validate_safe_file en admin/inc/security_functions.php. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301 • CWE-434: Unrestricted Upload of File with Dangerous Type •