Get-Simple Getsimple Cms vulnerabilities
25 known vulnerabilities affecting get-simple/getsimple_cms.
Total CVEs
25
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM19LOW2
Vulnerabilities
Page 2 of 2
CVE-2014-8723P4MEDIUMCVSS 5.3v3.3.42017-03-17
CVE-2014-8723 [MEDIUM] CWE-200 CVE-2014-8723: GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
nvd
CVE-2018-15843P4MEDIUMCVSS 4.8v3.3.142018-08-25
CVE-2018-15843 [MEDIUM] CWE-79 CVE-2018-15843: GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
nvd
CVE-2012-6621P4MEDIUMCVSS 4.3≤ 3.2.3v1.0+20 more2014-01-16
CVE-2012-6621 [MEDIUM] CWE-79 CVE-2012-6621: Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to ad
nvd
CVE-2018-19420P4LOWCVSS 3.8v3.3.152018-11-21
CVE-2018-19420 [LOW] CWE-434 CVE-2018-19420: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative case
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
nvd
CVE-2018-19421P4LOWCVSS 3.8v3.3.152018-11-21
CVE-2018-19421 [LOW] CWE-434 CVE-2018-19421: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elem
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
nvd
← Previous2 / 2