Shodan
Vulnerabilities
Vulnerable Software
Get-Simple:  Security Vulnerabilities
CVE-2020-18657
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-18658
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-06-23
CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-23
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
CVSS Score
7.2
EPSS Score
0.101
Published
2021-06-23
CVE-2021-28977
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,
CVSS Score
4.8
EPSS Score
0.002
Published
2021-06-23
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
CVSS Score
9.1
EPSS Score
0.052
Published
2020-10-02
CVE-2020-24861
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
CVSS Score
5.4
EPSS Score
0.004
Published
2020-10-01
CVE-2020-23839
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
CVSS Score
6.1
EPSS Score
0.14
Published
2020-09-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved