Latest get-simple getsimplecms Vulnerabilities

CVE-2023-51246
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.
Get-simple Getsimplecms=3.3.16
CVE-2023-6188
GetSimpleCMS theme-edit.php code injection
=3.3.16
=3.4.0a
CVE-2023-46040
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.
Get-simple Getsimplecms=3.4.0-alpha1
CVE-2023-46042
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
Get-simple Getsimplecms=3.4.0a
CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
Get-simple Getsimplecms=3.3.16
CVE-2020-21353
Get-simple Getsimplecms=3.4.0a
CVE-2020-18660
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
Get-simple Getsimplecms<=3.3.15
CVE-2020-18658
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
Get-simple Getsimplecms<=3.3.15
CVE-2020-18657
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
Get-simple Getsimplecms<=3.3.15
CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
Get-simple Getsimplecms<=3.3.15
CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
Get-simple Getsimplecms=3.4.0-a1
CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
Get-simple Getsimplecms=3.4.0-a1
CVE-2021-28977
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,
Get-simple Getsimplecms<=3.3.15
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
Get-simple Getsimplecms<3.3.15
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
Get-simple Getsimplecms=3.3.15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203