Get-Simple » GetSimple CMS: Security Vulnerabilities
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
CVSS Score: 4.8, EPSS Score: 0.002, Published: 2018-10-01
An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2018-09-16
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2018-09-01
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
CVSS Score: 4.8, EPSS Score: 0.002, Published: 2018-08-25
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
CVSS Score: 6.1, EPSS Score: 0.005, Published: 2018-04-02
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2017-06-29
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
CVSS Score: 7.5, EPSS Score: 0.338, Published: 2017-03-17
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.
CVSS Score: 5.3, EPSS Score: 0.003, Published: 2017-03-17
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
CVSS Score: 4.3, EPSS Score: 0.003, Published: 2015-07-01
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
CVSS Score: 4.3, EPSS Score: 0.003, Published: 2015-07-01



Shodan ® - All rights reserved