VYPR
Vendor: Cagintranetworks

Products: 1
CVEs: 12 (across products: 12)
Status: Private

Recent CVEs (12)

  • CVE-2018-17103 | High | Sep 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter

  • CVE-2017-8081 | High | Apr 30, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

  • CVE-2018-9173 | Medium | Apr 2, 2018
    risk 0.43 | cvss 6.1 | epss 0.03

    Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.

  • CVE-2018-16325 | Medium | Sep 1, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.

  • CVE-2017-10673 | Medium | Jun 29, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    admin/profile.php in GetSimple CMS 3.x has XSS in a name field.

  • CVE-2018-17835 | Medium | Oct 1, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.

  • CVE-2018-15843 | Medium | Aug 25, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.

  • CVE-2019-9915 | Mar 21, 2019
    risk 0.01 | cvss - | epss 0.04

    GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

  • CVE-2018-19845 | Dec 31, 2018
    risk 0.00 | cvss - | epss 0.01

    There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.

  • CVE-2018-19420 | Nov 21, 2018
    risk 0.00 | cvss - | epss 0.01

    In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and…

  • CVE-2018-19421 | Nov 21, 2018
    risk 0.00 | cvss - | epss 0.01

    In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

  • CVE-2014-8790 | Jan 20, 2015
    risk 0.00 | cvss - | epss 0.03

    XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.