VYPR
Vendor: Getsimplecms Ce

Products: 1
CVEs: 46
Across products: 46
Status: Private

Recent CVEs

  • CVE-2022-41544 | Critical | Oct 18, 2022
    risk 0.67 | cvss 9.8 | epss 0.09

    GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.

  • CVE-2023-46042 | Critical | Oct 19, 2023
    risk 0.66 | cvss 9.8 | epss 0.23

    An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().

  • CVE-2020-18191 | Critical | Oct 2, 2020
    risk 0.59 | cvss 9.1 | epss 0.02

    GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php

  • CVE-2018-17103 | High | Sep 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter

  • CVE-2014-8722 | High | Mar 17, 2017
    risk 0.53 | cvss 7.5 | epss 0.14

    GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

  • CVE-2021-28976 | High | Jun 23, 2021
    risk 0.50 | cvss 7.2 | epss 0.08

    Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files.

  • CVE-2020-23839 | Medium | Sep 1, 2020
    risk 0.43 | cvss 6.1 | epss 0.10

    A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials,…

  • CVE-2018-9173 | Medium | Apr 2, 2018
    risk 0.43 | cvss 6.1 | epss 0.03

    Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.

  • CVE-2021-36601 | Medium | Aug 10, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    GetSimpleCMS 3.3.16 contains a cross-site scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.

  • CVE-2020-18660 | Medium | Jun 23, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.

  • CVE-2020-18659 | Medium | Jun 23, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php

  • CVE-2020-18658 | Medium | Jun 23, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.

  • CVE-2020-18657 | Medium | Jun 23, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

  • CVE-2013-1420 | Medium | Jan 2, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to…

  • CVE-2019-9915 | Medium | Mar 22, 2019
    risk 0.40 | cvss 6.1 | epss 0.04

    GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

  • CVE-2018-16325 | Medium | Sep 1, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.

  • CVE-2017-10673 | Medium | Jun 29, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    admin/profile.php in GetSimple CMS 3.x has XSS in a name field.

  • CVE-2021-47870 | Medium | Jan 21, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to…

  • CVE-2023-51246 | Medium | Jan 8, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.

  • CVE-2023-46040 | Medium | Oct 31, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function.