Cross-Site Scripting Vulnerability in GetSimple CMS by GetSimpleCMS
CVE-2014-1603

Currently unrated

Key Information:

Vendor

Get-simple

Status
Getsimple Cms
Vendor
CVE Published:
14 May 2014

What is CVE-2014-1603?

GetSimple CMS 3.3.1 is susceptible to multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML. This can occur through various parameters, including 'param' in admin/load.php and 'user', 'email', or 'name' parameters during the Save Settings action in admin/settings.php. Such vulnerabilities pose significant risks by allowing unauthorized script execution, endangering user sessions and compromising data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/May/53
mailing-listx_refsource_FULLDISC
https://raw.githubusercontent.com/pedrib/PoC/master/getsi...
x_refsource_MISC
http://www.securityfocus.com/bid/67337
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.