Vulnerabilities > GET Simple > Getsimple CMS

DATE CVE VULNERABILITY TITLE RISK
2018-10-01 CVE-2018-17835 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15
An issue was discovered in GetSimple CMS 3.3.15.
network
get-simple CWE-79
3.5
3.5
2018-09-16 CVE-2018-17103 Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimple CMS 3.3.13
An issue was discovered in GetSimple CMS v3.3.13.
network
low complexity
get-simple CWE-352
8.8
8.8
2018-09-01 CVE-2018-16325 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
network
get-simple CWE-79
4.3
4.3
2018-08-25 CVE-2018-15843 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.14
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
network
get-simple CWE-79
3.5
3.5
2018-04-02 CVE-2018-9173 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.13
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
network
get-simple CWE-79
4.3
4.3
2017-06-29 CVE-2017-10673 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
network
get-simple CWE-79
4.3
4.3
2017-03-17 CVE-2014-8723 Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
network
low complexity
get-simple CWE-200
5.0
5.0
2017-03-17 CVE-2014-8722 Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
network
low complexity
get-simple CWE-200
5.0
5.0
2015-07-01 CVE-2015-5356 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
network
get-simple CWE-79
4.3
4.3
2015-07-01 CVE-2015-5355 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
network
get-simple CWE-79
4.3
4.3