CVE-2012-6621

EPSS 0.48%
Veröffentlicht 16.01.2014 21:55:08
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Get-simple ≫ Getsimple Cms Version <= 3.2.3

Get-simple ≫ Getsimple Cms Version1.0

Get-simple ≫ Getsimple Cms Version1.1

Get-simple ≫ Getsimple Cms Version1.2

Get-simple ≫ Getsimple Cms Version1.3

Get-simple ≫ Getsimple Cms Version1.4

Get-simple ≫ Getsimple Cms Version1.5

Get-simple ≫ Getsimple Cms Version1.6

Get-simple ≫ Getsimple Cms Version1.7

Get-simple ≫ Getsimple Cms Version1.25

Get-simple ≫ Getsimple Cms Version1.71

Get-simple ≫ Getsimple Cms Version2.0

Get-simple ≫ Getsimple Cms Version2.01

Get-simple ≫ Getsimple Cms Version2.03

Get-simple ≫ Getsimple Cms Version2.03.1

Get-simple ≫ Getsimple Cms Version3.0

Get-simple ≫ Getsimple Cms Version3.1

Get-simple ≫ Getsimple Cms Version3.1.1

Get-simple ≫ Getsimple Cms Version3.1.2

Get-simple ≫ Getsimple Cms Version3.2

Get-simple ≫ Getsimple Cms Version3.2.1

Get-simple ≫ Getsimple Cms Version3.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.com/files/124711

http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html

http://secunia.com/advisories/49137

Vendor Advisory

http://www.securityfocus.com/bid/53501

http://www.vulnerability-lab.com/get_content.php?id=521

https://exchange.xforce.ibmcloud.com/vulnerabilities/75534

https://exchange.xforce.ibmcloud.com/vulnerabilities/75535

https://nvd.nist.gov/vuln/detail/CVE-2012-6621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6621

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-6621