Product:

Getsimplecms

(Get\-Simple)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2021-08-06 CVE-2020-21353 A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module. Getsimplecms 5.4
2021-06-23 CVE-2021-28976 Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. Getsimplecms 7.2
2021-06-23 CVE-2020-18657 Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. Getsimplecms 6.1
2021-06-23 CVE-2020-18660 GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. Getsimplecms 6.1
2021-06-23 CVE-2021-28977 Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, Getsimplecms 4.8
2021-06-23 CVE-2020-20389 Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. Getsimplecms 4.8
2021-06-23 CVE-2020-20391 Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. Getsimplecms 5.4
2021-06-23 CVE-2020-18658 Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. Getsimplecms 6.1
2021-06-23 CVE-2020-18659 Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php Getsimplecms 6.1
2020-10-02 CVE-2020-18191 GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php Getsimplecms 9.1