Vulnerabilities > GET Simple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-02 | CVE-2013-1420 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. | 6.1 |
| 2019-09-15 | CVE-2019-16333 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15 GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | 5.4 |
| 2019-05-22 | CVE-2019-11231 | Path Traversal vulnerability in Get-Simple Getsimple CMS An issue was discovered in GetSimple CMS through 3.3.15. | 9.8 |
| 2019-03-22 | CVE-2019-9915 | Open Redirect vulnerability in Get-Simple. Getsimplecms 3.3.13 GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | 6.1 |
| 2018-12-31 | CVE-2018-19845 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.12 There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | 5.4 |
| 2018-11-21 | CVE-2018-19421 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
| 2018-11-21 | CVE-2018-19420 | Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15 In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | 3.8 |
| 2018-10-01 | CVE-2018-17835 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15 An issue was discovered in GetSimple CMS 3.3.15. | 4.8 |
| 2018-09-16 | CVE-2018-17103 | Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimple CMS 3.3.13 An issue was discovered in GetSimple CMS v3.3.13. | 8.8 |
| 2018-09-01 | CVE-2018-16325 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9 There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | 6.1 |