Vulnerabilities for Getsimplecms (...) - CXSECURITY.COM

Vulnerabilities for 'Getsimplecms'

2021-08-06

CVE-2020-21353

CWE-79

A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module.

2021-06-23

CVE-2020-18660

CWE-601

GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.

CVE-2020-18657

CWE-79

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

CVE-2020-18658

CWE-79

Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.

CVE-2020-18659

CWE-79

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php

CVE-2021-28976

CWE-434

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.

CVE-2021-28977

CWE-79

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,

CVE-2020-20389

CWE-79

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.

CVE-2020-20391

CWE-79

Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.

>>> Vendor: Get-simple 2 Products

Getsimplecms

Copyright 2024, cxsecurity.com