CVE-2023-6188 – GetSimpleCMS theme-edit.php code injection
https://notcve.org/view.php?id=CVE-2023-6188
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358 https://vuldb.com/?ctiid.245735 https://vuldb.com/?id.245735 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-46040
https://notcve.org/view.php?id=CVE-2023-46040
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. Vulnerabilidad de Cross Site Scripting en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para la función componentes.php. • https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-20391
https://notcve.org/view.php?id=CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. Una vulnerabilidad de tipo Cross Site Scripting en GetSimpleCMS versión 3.4.0a, en el archivo admin/snippets.php por medio de (1) Add Snippet y (2) Save snippets • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-20389
https://notcve.org/view.php?id=CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en GetSimpleCMS versión 3.4.0a, en el archivo admin/edit.php • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •