NotCVE - vendor:"Get-simple" product:"Getsimplecms" version:"3.4.0a"

6 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2

CVE-2023-6188 – GetSimpleCMS theme-edit.php code injection

https://notcve.org/view.php?id=CVE-2023-6188

17 Nov 2023 — A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46040

https://notcve.org/view.php?id=CVE-2023-46040

31 Oct 2023 — Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. Vulnerabilidad de Cross Site Scripting en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para la función componentes.php. • https://github.com/Num-Nine/CVE/wiki/GetSimplecms-exists-to-store-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1

CVE-2023-46042

https://notcve.org/view.php?id=CVE-2023-46042

19 Oct 2023 — An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). Un problema en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en phpinfo(). • https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-21353

https://notcve.org/view.php?id=CVE-2020-21353

06 Aug 2021 — A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en el archivo /admin/snippets.php de GetSimple CMS versión3.4.0a, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el módulo Edit Snippets • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20391

https://notcve.org/view.php?id=CVE-2020-20391

23 Jun 2021 — Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. Una vulnerabilidad de tipo Cross Site Scripting en GetSimpleCMS versión 3.4.0a, en el archivo admin/snippets.php por medio de (1) Add Snippet y (2) Save snippets • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-20389

https://notcve.org/view.php?id=CVE-2020-20389

23 Jun 2021 — Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en GetSimpleCMS versión 3.4.0a, en el archivo admin/edit.php • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •