Vulnerabilities > GET Simple

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-11231 Path Traversal vulnerability in Get-Simple Getsimple CMS
An issue was discovered in GetSimple CMS through 3.3.15.
network
low complexity
get-simple CWE-22
5.0
2019-03-22 CVE-2019-9915 Open Redirect vulnerability in Get-Simple. Getsimplecms 3.3.13
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
5.8
2018-12-31 CVE-2018-19845 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.12
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
network
get-simple CWE-79
3.5
2018-11-21 CVE-2018-19421 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
4.0
2018-11-21 CVE-2018-19420 Unrestricted Upload of File with Dangerous Type vulnerability in Get-Simple Getsimple CMS 3.3.15
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
network
low complexity
get-simple CWE-434
4.0
2018-10-01 CVE-2018-17835 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15
An issue was discovered in GetSimple CMS 3.3.15.
network
get-simple CWE-79
3.5
2018-09-16 CVE-2018-17103 Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimple CMS 3.3.13
An issue was discovered in GetSimple CMS v3.3.13.
network
low complexity
get-simple CWE-352
8.8
2018-09-01 CVE-2018-16325 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
network
get-simple CWE-79
4.3
2018-08-25 CVE-2018-15843 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.14
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
network
get-simple CWE-79
3.5
2018-04-02 CVE-2018-9173 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.13
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
network
get-simple CWE-79
4.3