Cross-Site Scripting Vulnerabilities in GetSimple CMS
CVE-2013-1420

6.1MEDIUM

Key Information:

Vendor

Get-simple

Status
Getsimple Cms
Vendor
CVE Published:
2 January 2020

What is CVE-2013-1420?

Multiple vulnerabilities in GetSimple CMS prior to version 3.2.1 enable remote attackers to exploit cross-site scripting (XSS) weaknesses. Attackers can inject malicious web scripts or HTML through various parameters including 'id' in backup-edit.php, 'title' and 'menu' in edit.php, or 'path' and 'returnid' in filebrowser.php within the admin directory. To ensure complete protection, it is advisable for users to upgrade to the latest version and implement best security practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.htbridge.com/advisory/HTB23141
x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2013-05/00...
x_refsource_MISC
http://get-simple.info/changelog
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.