Get-simple Getsimple Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Get-simple Getsimple Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2019-11231 — CVSS 9.8 (critical): An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files…
CVE-2022-41544 — CVSS 9.8 (critical): GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in…
CVE-2018-17103 — CVSS 8.8 (high): An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via…
CVE-2014-8722 — CVSS 7.5 (high): GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2)…
CVE-2018-19845 — CVSS 5.4 (medium): There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
CVE-2020-24861 — CVSS 5.4 (medium): GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create…
CVE-2014-8723 — CVSS 5.3 (medium): GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2)…
CVE-2014-8790 — CVSS 5.0 (medium): XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain…
CVE-2018-17835 — CVSS 4.8 (medium): An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink…
CVE-2015-5355 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or…
CVE-2015-5356 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary…
CVE-2010-4863 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web…
CVE-2013-7243 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script…
CVE-2012-6621 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject…
CVE-2010-5052 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web…
CVE-2014-1603 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML…
CVE-2018-19420 — CVSS 3.8 (low): In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such…
CVE-2018-19421 — CVSS 3.8 (low): In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of…
CVE-2022-1503 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php…