PT-2014-3300 · Getsimple · Getsimple Cms
Publicado
2014-01-17
·
Atualizado
2018-10-30
·
CVE-2013-7243
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GetSimple CMS versions 3.1.2 through 3.2.3
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
post-menu field to "edit.php" or the Display name field to "settings.php".Recommendations
For GetSimple CMS versions 3.1.2 through 3.2.3, consider disabling access to the
edit.php and settings.php pages until a fix is available. Restrict input to the post-menu and Display name fields to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Getsimple Cms