Vulnerabilities > GET Simple > Getsimplecms > 3.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-23 | CVE-2020-18660 | Open Redirect vulnerability in Get-Simple Getsimplecms GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | 6.1 |
| 2021-06-23 | CVE-2020-18657 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. | 6.1 |
| 2021-06-23 | CVE-2020-18658 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. | 6.1 |
| 2021-06-23 | CVE-2020-18659 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | 6.1 |
| 2021-06-23 | CVE-2021-28976 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimplecms Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. | 7.2 |
| 2021-06-23 | CVE-2021-28977 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, | 4.8 |