VYPR

Getsimplecms Ce

by Getsimplecms Ce

CVEs (46)

  • CVE-2020-21353 | Med | Aug 6, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    A stored cross-site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Edit Snippets module.

  • CVE-2020-20391 | Med | Jun 23, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.

  • CVE-2019-16333 | Med | Sep 15, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

  • CVE-2018-19845 | Med | Dec 31, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.

  • CVE-2014-8723 | Med | Mar 17, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.

  • CVE-2026-26351 | Med | Feb 24, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contain a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored…

  • CVE-2023-6188 | Med | Nov 17, 2023
    risk 0.31 | cvss 4.7 | epss 0.01

    A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2020-20389 | Med | Jun 23, 2021
    risk 0.31 | cvss 4.8 | epss 0.01

    Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.

  • CVE-2021-28977 | Med | Jun 23, 2021
    risk 0.31 | cvss 4.8 | epss 0.01

    Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files.

  • CVE-2018-15843 | Med | Aug 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

  • CVE-2018-19421 | Low | Nov 21, 2018
    risk 0.25 | cvss 3.8 | epss 0.01

    In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

  • CVE-2018-19420 | Low | Nov 21, 2018
    risk 0.25 | cvss 3.8 | epss 0.01

    In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and…

  • CVE-2013-10032 | Jul 25, 2025
    risk 0.09 | cvss - | epss 0.02

    An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP…

  • CVE-2026-28495 | Mar 10, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF…

  • CVE-2026-27202 | Feb 20, 2026
    risk 0.00 | cvss - | epss 0.01

    GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

  • CVE-2026-27161 | Feb 20, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these…

  • CVE-2026-27147 | Feb 20, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an…

  • CVE-2026-27146 | Feb 20, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated…

  • CVE-2021-47860 | Jan 21, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to…

  • CVE-2021-47830 | Jan 21, 2026
    risk 0.00 | cvss - | epss 0.00

    GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized…