cbcvebase.

Get-Simple Getsimple Cms vulnerabilities

25 known vulnerabilities affecting get-simple/getsimple_cms.

Total CVEs
25
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM19LOW2

Vulnerabilities

Page 2 of 2
CVE-2014-8723P4MEDIUMCVSS 5.3v3.3.42017-03-17
CVE-2014-8723 [MEDIUM] CWE-200 CVE-2014-8723: GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
nvd
CVE-2018-15843P4MEDIUMCVSS 4.8v3.3.142018-08-25
CVE-2018-15843 [MEDIUM] CWE-79 CVE-2018-15843: GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
nvd
CVE-2012-6621P4MEDIUMCVSS 4.3≤ 3.2.3v1.0+20 more2014-01-16
CVE-2012-6621 [MEDIUM] CWE-79 CVE-2012-6621: Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to ad
nvd
CVE-2018-19420P4LOWCVSS 3.8v3.3.152018-11-21
CVE-2018-19420 [LOW] CWE-434 CVE-2018-19420: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative case In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
nvd
CVE-2018-19421P4LOWCVSS 3.8v3.3.152018-11-21
CVE-2018-19421 [LOW] CWE-434 CVE-2018-19421: In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elem In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
nvd
Get-Simple Getsimple Cms vulnerabilities | cvebase