Vulnerabilities > GET Simple

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-18191 Path Traversal vulnerability in Get-Simple Getsimplecms 3.3.15
GetSimpleCMS-3.3.15 is affected by directory traversal.
network
low complexity
get-simple CWE-22
6.4
2020-10-01 CVE-2020-24861 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
network
get-simple CWE-79
3.5
2020-09-01 CVE-2020-23839 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
network
get-simple CWE-79
4.3
2020-01-02 CVE-2013-1420 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/.
network
get-simple CWE-79
4.3
2019-09-15 CVE-2019-16333 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
network
get-simple CWE-79
3.5
2019-05-22 CVE-2019-11231 Path Traversal vulnerability in Get-Simple Getsimple CMS
An issue was discovered in GetSimple CMS through 3.3.15.
network
low complexity
get-simple CWE-22
5.0
2019-03-22 CVE-2019-9915 Open Redirect vulnerability in Get-Simple. Getsimplecms 3.3.13
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
5.8
2018-12-31 CVE-2018-19845 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.12
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
network
get-simple CWE-79
3.5
2018-11-21 CVE-2018-19421 Unrestricted Upload of File With Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
4.0
2018-11-21 CVE-2018-19420 Unrestricted Upload of File With Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
4.0