Getsimplecms Ce
Products
1- 46 CVEs
Recent CVEs (46)

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41544 |  | Critical | 0.67 | 9.8 | 0.09 |  | Oct 18, 2022 | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. |
| CVE-2023-46042 |  | Critical | 0.66 | 9.8 | 0.23 |  | Oct 19, 2023 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). |
| CVE-2020-18191 |  | Critical | 0.59 | 9.1 | 0.02 |  | Oct 2, 2020 | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php |
| CVE-2018-17103 |  | High | 0.57 | 8.8 | 0.01 |  | Sep 16, 2018 | An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter |
| CVE-2014-8722 |  | High | 0.53 | 7.5 | 0.14 |  | Mar 17, 2017 | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. |
| CVE-2021-28976 |  | High | 0.50 | 7.2 | 0.08 |  | Jun 23, 2021 | Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files. |
| CVE-2020-23839 |  | Medium | 0.43 | 6.1 | 0.10 |  | Sep 1, 2020 | A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials,… |
| CVE-2018-9173 |  | Medium | 0.43 | 6.1 | 0.03 |  | Apr 2, 2018 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. |
| CVE-2021-36601 |  | Medium | 0.40 | 6.1 | 0.01 |  | Aug 10, 2021 | GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. |
| CVE-2020-18660 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jun 23, 2021 | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. |
| CVE-2020-18659 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jun 23, 2021 | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php |
| CVE-2020-18658 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jun 23, 2021 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. |
| CVE-2020-18657 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jun 23, 2021 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. |
| CVE-2013-1420 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jan 2, 2020 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to… |
| CVE-2019-9915 |  | Medium | 0.40 | 6.1 | 0.04 |  | Mar 22, 2019 | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. |
| CVE-2018-16325 |  | Medium | 0.40 | 6.1 | 0.01 |  | Sep 1, 2018 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. |
| CVE-2017-10673 |  | Medium | 0.40 | 6.1 | 0.01 |  | Jun 29, 2017 | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. |
| CVE-2021-47870 |  | Medium | 0.35 | 5.4 | 0.00 |  | Jan 21, 2026 | GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to… |
| CVE-2023-51246 |  | Medium | 0.35 | 5.4 | 0.00 |  | Jan 8, 2024 | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. |
| CVE-2023-46040 |  | Medium | 0.35 | 5.4 | 0.01 |  | Oct 31, 2023 | Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. |