Vulnerabilities > GET Simple

DATE CVE VULNERABILITY TITLE RISK
2017-06-29 CVE-2017-10673 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
network
get-simple CWE-79
4.3
2017-03-17 CVE-2014-8723 Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
network
low complexity
get-simple CWE-200
5.0
2017-03-17 CVE-2014-8722 Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
network
low complexity
get-simple CWE-200
5.0
2015-07-01 CVE-2015-5356 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
network
get-simple CWE-79
4.3
2015-07-01 CVE-2015-5355 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
network
get-simple CWE-79
4.3
2015-01-20 CVE-2014-8790 XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
network
low complexity
cagintranetworks get-simple
5.0
2014-05-14 CVE-2014-1603 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.1
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.
network
get-simple CWE-79
4.3
2014-01-17 CVE-2013-7243 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 3.1.2/3.2.3
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php.
network
get-simple CWE-79
4.3
2014-01-16 CVE-2012-6621 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
network
get-simple CWE-79
4.3
2011-11-23 CVE-2010-5052 Cross-Site Scripting vulnerability in Get-Simple Getsimple CMS 2.01
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
network
get-simple CWE-79
4.3