CVE-2022-1503
GetSimple CMS Content Module edit.php cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory.
Se ha encontrado una vulnerabilidad, clasificada como problemática, en GetSimple CMS. El archivo /admin/edit.php del módulo Content está afectado por este problema. La manipulación del argumento post-content con un input como (script)alert(1)(/script) conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado remotamente pero requiere autenticación. En el aviso han sido divulgados detalles de la exposición
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-27 CVE Reserved
- 2022-04-27 CVE Published
- 2023-11-18 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.198542 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/joinia/project/blob/main/GetSimple/GetSimplereadme.md | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Get-simple Search vendor "Get-simple" | Getsimple Cms Search vendor "Get-simple" for product "Getsimple Cms" | - | - |
Affected
| ||||||