- EPSS 2.54%
- Veröffentlicht 20.01.2015 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
CVE-2014-1603
- EPSS 3.22%
- Veröffentlicht 14.05.2014 19:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings ac...
CVE-2013-7243
- EPSS 1.85%
- Veröffentlicht 17.01.2014 15:18:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Pe...
CVE-2012-6621
- EPSS 1.43%
- Veröffentlicht 16.01.2014 21:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php...
CVE-2010-5052
- EPSS 3.16%
- Veröffentlicht 23.11.2011 01:55:04
- Zuletzt bearbeitet 16.06.2026 23:26:02
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
CVE-2010-4863
- EPSS 3.34%
- Veröffentlicht 05.10.2011 10:55:07
- Zuletzt bearbeitet 16.06.2026 23:25:41
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.