PT-2014-3300 · Getsimple · Getsimple Cms
Published
2014-01-17
·
Updated
2018-10-30
·
CVE-2013-7243
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GetSimple CMS versions 3.1.2 through 3.2.3
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
post-menu field to "edit.php" or the Display name field to "settings.php".Recommendations
For GetSimple CMS versions 3.1.2 through 3.2.3, consider disabling access to the
edit.php and settings.php pages until a fix is available. Restrict input to the post-menu and Display name fields to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Getsimple Cms