- EPSS 0.66%
- Veröffentlicht 20.01.2015 15:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
CVE-2014-1603
- EPSS 2.86%
- Veröffentlicht 14.05.2014 19:55:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings ac...
CVE-2013-7243
- EPSS 0.25%
- Veröffentlicht 17.01.2014 15:18:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Pe...
CVE-2012-6621
- EPSS 0.48%
- Veröffentlicht 16.01.2014 21:55:08
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php...
CVE-2010-5052
- EPSS 0.26%
- Veröffentlicht 23.11.2011 01:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.
CVE-2010-4863
- EPSS 4.05%
- Veröffentlicht 05.10.2011 10:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.