Vulnerability Details CVE-2012-6621
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/124711
- http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html
- http://secunia.com/advisories/49137
- http://www.securityfocus.com/bid/53501
- http://www.vulnerability-lab.com/get_content.php?id=521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75535
- http://packetstormsecurity.com/files/124711
- http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html
- http://secunia.com/advisories/49137
- http://www.securityfocus.com/bid/53501
- http://www.vulnerability-lab.com/get_content.php?id=521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75535
Products affected by CVE-2012-6621
-
cpe:2.3:a:get-simple:getsimple_cms:1.0
-
cpe:2.3:a:get-simple:getsimple_cms:1.1
-
cpe:2.3:a:get-simple:getsimple_cms:1.2
-
cpe:2.3:a:get-simple:getsimple_cms:1.25
-
cpe:2.3:a:get-simple:getsimple_cms:1.3
-
cpe:2.3:a:get-simple:getsimple_cms:1.4
-
cpe:2.3:a:get-simple:getsimple_cms:1.5
-
cpe:2.3:a:get-simple:getsimple_cms:1.6
-
cpe:2.3:a:get-simple:getsimple_cms:1.7
-
cpe:2.3:a:get-simple:getsimple_cms:1.71
-
cpe:2.3:a:get-simple:getsimple_cms:2.0
-
cpe:2.3:a:get-simple:getsimple_cms:2.01
-
cpe:2.3:a:get-simple:getsimple_cms:2.03
-
cpe:2.3:a:get-simple:getsimple_cms:2.03.1
-
cpe:2.3:a:get-simple:getsimple_cms:3.0
-
cpe:2.3:a:get-simple:getsimple_cms:3.1
-
cpe:2.3:a:get-simple:getsimple_cms:3.1.1
-
cpe:2.3:a:get-simple:getsimple_cms:3.1.2
-
cpe:2.3:a:get-simple:getsimple_cms:3.2
-
cpe:2.3:a:get-simple:getsimple_cms:3.2.0
-
cpe:2.3:a:get-simple:getsimple_cms:3.2.1
-
cpe:2.3:a:get-simple:getsimple_cms:3.2.2
-
cpe:2.3:a:get-simple:getsimple_cms:3.2.3