
CVE-2023-51246
https://notcve.org/view.php?id=CVE-2023-51246
08 Jan 2024 — A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. • https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-6188 – GetSimpleCMS theme-edit.php code injection
https://notcve.org/view.php?id=CVE-2023-6188
17 Nov 2023 — A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-36601
https://notcve.org/view.php?id=CVE-2021-36601
10 Aug 2021 — GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. • https://github.com/kk98kk0/exploit/blob/dbd10a47b0585ba4c673c952a280d502294cdbf4/GetSimpleCMS-3.3.16-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •