Vulnerabilities > GET Simple > Getsimple CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-23839 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16 A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | 6.1 |
| 2020-01-02 | CVE-2013-1420 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. | 4.3 |
| 2019-05-22 | CVE-2019-11231 | Path Traversal vulnerability in Get-Simple Getsimple CMS An issue was discovered in GetSimple CMS through 3.3.15. | 5.0 |
| 2018-11-21 | CVE-2018-19421 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 4.0 |
| 2018-11-21 | CVE-2018-19420 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 4.0 |
| 2018-09-01 | CVE-2018-16325 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9 There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | 4.3 |
| 2018-04-02 | CVE-2018-9173 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.13 Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | 4.3 |
| 2017-06-29 | CVE-2017-10673 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | 4.3 |
| 2017-03-17 | CVE-2014-8723 | Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | 5.0 |
| 2017-03-17 | CVE-2014-8722 | Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | 5.0 |