CVE-2012-6621
GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
Severity Score
4.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
Múltiples vulnerabilidades de XSS en GetSimple CMS 3.1, 3.1.2, 3.2.3, y anteriores versiones permiten a atacantes remotos inyectar script Web o HTML arbitrario a través de los campos (1) Email Address o (2) Custom Permalink Structure en admin/settings.php; (3) parámetro path hacia admin/upload.php; (4) parámetro err hacia admin/theme.php; (5) parámetro error hacia admin/pages.php; o (6) parámetros success o (7) err hacia admin/index.php.
GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-07 CVE Published
- 2014-01-07 First Exploit
- 2014-01-16 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/124711 | X_refsource_misc |
|
| http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/53501 | Vdb Entry | |
| http://www.vulnerability-lab.com/get_content.php?id=521 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75534 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75535 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/124711 | 2014-01-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/49137 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | <= 3.2.3 Search vendor "Get-simple" for product "Getsimple Cms" and version " <= 3.2.3" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.0 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.0" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.1 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.1" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.2 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.2" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.3 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.3" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.4 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.4" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.5 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.5" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.6 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.6" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.7 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.7" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.25 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.25" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 1.71 Search vendor "Get-simple" for product "Getsimple Cms" and version "1.71" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 2.0 Search vendor "Get-simple" for product "Getsimple Cms" and version "2.0" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 2.01 Search vendor "Get-simple" for product "Getsimple Cms" and version "2.01" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 2.03 Search vendor "Get-simple" for product "Getsimple Cms" and version "2.03" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 2.03.1 Search vendor "Get-simple" for product "Getsimple Cms" and version "2.03.1" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.0 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.0" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.1 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.1" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.1.1 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.1.1" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.1.2 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.1.2" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.2 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.2" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.2.1 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.2.1" | - |
Affected
| ||||||
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | 3.2.2 Search vendor "Get-simple" for product "Getsimple Cms" and version "3.2.2" | - |
Affected
| ||||||