Vulnerabilities > GET Simple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-23 | CVE-2020-18659 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.3.13 Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | 4.3 |
| 2021-06-23 | CVE-2020-20389 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.4.0 Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | 3.5 |
| 2021-06-23 | CVE-2020-20391 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.4.0 Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | 3.5 |
| 2021-06-23 | CVE-2021-28976 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimplecms 3.3.13 Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. | 6.5 |
| 2021-06-23 | CVE-2021-28977 | Cross-site Scripting vulnerability in Get-Simple Getsimplecms 3.3.13 Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, | 3.5 |
| 2020-10-02 | CVE-2020-18191 | Path Traversal vulnerability in Get-Simple Getsimplecms 3.3.15 GetSimpleCMS-3.3.15 is affected by directory traversal. | 6.4 |
| 2020-10-01 | CVE-2020-24861 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16 GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | 3.5 |
| 2020-09-01 | CVE-2020-23839 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16 A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | 6.1 |
| 2020-01-02 | CVE-2013-1420 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. | 4.3 |
| 2019-09-15 | CVE-2019-16333 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15 GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | 3.5 |