First published: Thu Jan 16 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Get-simple Getsimple Cms | <=3.2.3 | |
Get-simple Getsimple Cms | =1.0 | |
Get-simple Getsimple Cms | =1.1 | |
Get-simple Getsimple Cms | =1.2 | |
Get-simple Getsimple Cms | =1.3 | |
Get-simple Getsimple Cms | =1.4 | |
Get-simple Getsimple Cms | =1.5 | |
Get-simple Getsimple Cms | =1.6 | |
Get-simple Getsimple Cms | =1.7 | |
Get-simple Getsimple Cms | =1.25 | |
Get-simple Getsimple Cms | =1.71 | |
Get-simple Getsimple Cms | =2.0 | |
Get-simple Getsimple Cms | =2.01 | |
Get-simple Getsimple Cms | =2.03 | |
Get-simple Getsimple Cms | =2.03.1 | |
Get-simple Getsimple Cms | =3.0 | |
Get-simple Getsimple Cms | =3.1 | |
Get-simple Getsimple Cms | =3.1.1 | |
Get-simple Getsimple Cms | =3.1.2 | |
Get-simple Getsimple Cms | =3.2 | |
Get-simple Getsimple Cms | =3.2.1 | |
Get-simple Getsimple Cms | =3.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.