CVE-2018-9173
Published 2018-04-02
Priority: P4 · 33 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.50% (82.7th percentile)
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easycms | easycms | — | — |
| get-simple | getsimple_cms | — | — |
CVSS provenance
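| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |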
GHSA
GHSA-v28m-2f54-wwf7: App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify
ghsa_unreviewed·2022-05-14·CVSS 6.1
CVE-2018-17113 [MEDIUM] CWE-79 GHSA-v28m-2f54-wwf7: App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
GHSA
GHSA-3f48-jgcv-hq2w: Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify
ghsa_unreviewed·2022-05-14
CVE-2018-9173 [MEDIUM] CWE-79 GHSA-3f48-jgcv-hq2w: Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.