Vulnerabilities > GET Simple > Getsimple CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-01 | CVE-2018-17835 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15 An issue was discovered in GetSimple CMS 3.3.15. | 3.5 |
2018-09-16 | CVE-2018-17103 | Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimple CMS 3.3.13 An issue was discovered in GetSimple CMS v3.3.13. | 8.8 |
2018-09-01 | CVE-2018-16325 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9 There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | 4.3 |
2018-08-25 | CVE-2018-15843 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.14 GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | 3.5 |
2018-04-02 | CVE-2018-9173 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.13 Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | 4.3 |
2017-06-29 | CVE-2017-10673 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | 4.3 |
2017-03-17 | CVE-2014-8723 | Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | 5.0 |
2017-03-17 | CVE-2014-8722 | Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | 5.0 |
2015-07-01 | CVE-2015-5356 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. | 4.3 |
2015-07-01 | CVE-2015-5355 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. | 4.3 |