This page lists the published CVEs that affect get-simple getsimple_cms (associated via NVD CPE). Each row includes severity metrics, a summary, and the publication date.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-41544 | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | [email protected] | 9.8 | 9.44% | 2022-10-18 | 2025-05-13 |
| CVE-2022-1503 | A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like `<script>alert(1)</script>` leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. | [email protected] | 3.5 | 0.62% | 2022-04-27 | 2024-11-21 |
| CVE-2020-24861 | GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page | [email protected] | 5.4 | 0.87% | 2020-10-01 | 2024-11-21 |
| CVE-2020-23839 | A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. | [email protected] | 6.1 | 10.46% | 2020-09-01 | 2024-11-21 |
| CVE-2013-1420 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | [email protected] | 6.1 | 1.06% | 2020-01-02 | 2024-11-21 |
| CVE-2019-16333 | GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | [email protected] | 5.4 | 0.67% | 2019-09-15 | 2024-11-21 |
| CVE-2019-11231 | An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HT | [email protected] | 9.8 | 71.60% | 2019-05-22 | 2024-11-21 |
| CVE-2018-19845 | There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | [email protected] | 5.4 | 0.57% | 2018-12-31 | 2024-11-21 |
| CVE-2018-19421 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | [email protected] | 3.8 | 0.78% | 2018-11-21 | 2024-11-21 |
| CVE-2018-19420 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php. | [email protected] | 3.8 | 0.78% | 2018-11-21 | 2024-11-21 |
| CVE-2018-17835 | An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | [email protected] | 4.8 | 0.67% | 2018-10-01 | 2024-11-21 |
| CVE-2018-17103 | An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter | [email protected] | 8.8 | 0.65% | 2018-09-16 | 2024-11-21 |
| CVE-2018-16325 | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | [email protected] | 6.1 | 0.80% | 2018-09-01 | 2024-11-21 |
| CVE-2018-15843 | GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | [email protected] | 4.8 | 0.62% | 2018-08-25 | 2024-11-21 |
| CVE-2018-9173 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | [email protected] | 6.1 | 2.50% | 2018-04-02 | 2024-11-21 |
| CVE-2017-10673 | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | [email protected] | 6.1 | 0.65% | 2017-06-29 | 2026-05-13 |
| CVE-2014-8723 | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. | [email protected] | 5.3 | 1.18% | 2017-03-17 | 2026-05-13 |
| CVE-2014-8722 | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) `data/users/<username>.xml`, (2) `backups/users/<username>.xml.bak`, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | [email protected] | 7.5 | 14.37% | 2017-03-17 | 2026-05-13 |
| CVE-2015-5356 | Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. | [email protected] | 4.3 | 1.79% | 2015-07-01 | 2026-05-06 |
| CVE-2015-5355 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. | [email protected] | 4.3 | 1.92% | 2015-07-01 | 2026-05-06 |