Sign in Subscribe

← All vendors

Vendor

Get Simple

Products

2

CVEs

12

Across products

12

Status

Private

Products

2

Getsimplecms
11 CVEs
CMS
1 CVE

Recent CVEs

12

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2014-8722	Hig	0.54	7.5	0.27		Mar 17, 2017	GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
CVE-2021-47870	Med	0.35	5.4	0.00		Jan 21, 2026	GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
CVE-2014-8723	Med	0.34	5.3	0.00		Mar 17, 2017	GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
CVE-2014-1603		0.03	—	0.03		May 14, 2014	Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.
CVE-2010-5052		0.03	—	0.00		Nov 23, 2011	Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
CVE-2010-4863		0.03	—	0.04		Oct 5, 2011	Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
CVE-2022-1503		0.00	—	0.00		Apr 27, 2022	A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory.
CVE-2015-5356		0.00	—	0.00		Jul 1, 2015	Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
CVE-2015-5355		0.00	—	0.00		Jul 1, 2015	Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
CVE-2014-8790		0.00	—	0.01		Jan 20, 2015	XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
CVE-2013-7243		0.00	—	0.00		Jan 17, 2014	Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621.
CVE-2012-6621		0.00	—	0.00		Jan 16, 2014	Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.