Writeup Exploits
63,671 exploits tracked across all sources.
GetSimple CMS 3.3.15 - Stored Cross-Site Scripting in admin/theme-edit.php
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVSS 5.4
GetSimple CMS 3.3.13 - Cross-Site Scripting via uploadify.swf movieName Parameter
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
CVSS 6.1
GetSimpleCMS 3.3.15 - Unrestricted Upload of File with Dangerous Type via .eml File
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS 3.8
GetSimpleCMS 3.3.15 - Unauthenticated Unrestricted Upload of File with Dangerous Type via Bypassed Extension Validation
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.
CVSS 3.8
GetSimple CMS 3.3.15 - Stored Cross-Site Scripting via Custom Permalink Structure
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
CVSS 4.8
GetSimple CMS v3.3.13 - Cross-Site Request Forgery via admin/settings.php
An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
CVSS 8.8
GetSimple CMS 3.4.0.9 - Stored Cross-Site Scripting via Admin Edit Title Field
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
CVSS 6.1
GetSimple CMS 3.3.14 - Stored Cross-Site Scripting via Add New Page Field
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
CVSS 4.8
GetSimple CMS 3.3.13 - Privilege Escalation and CSRF via Weak PRNG in Session Cookie
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.
CVSS 8.8
GetSimple CMS 3.x - Cross-Site Scripting in Admin Profile Name Field
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
CVSS 6.1
CVE-2015-5356
WRITEUP
GetSimple CMS < 3.3.6 - Cross-Site Scripting via File Browser func Parameter
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
CVE-2015-5356
WRITEUP
GetSimple CMS < 3.3.6 - Cross-Site Scripting via File Browser func Parameter
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
CVE-2015-5355
WRITEUP
GetSimple CMS < 3.3.6 - Cross-Site Scripting via Post Content or Title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
CVE-2015-5355
WRITEUP
GetSimple CMS < 3.3.6 - Cross-Site Scripting via Post Content or Title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
CVE-2014-8790
WRITEUP
GetSimple CMS 3.1.1-3.3.x - XML External Entity Injection via admin/api.php Data Parameter
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
GetSimple CMS My SMTP Contact Plugin 1.1.2 - XSS
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
CVSS 5.4
GitHub hestiacp/hestiacp <1.8.8 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
CVSS 3.9
Hestia Control Panel 1.3.2 - File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
CVSS 8.8
HestiaCP < 1.3.5 - Arbitrary Package Installation via pkg[] Parameter
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
CVSS 7.5
Hestia Control Panel <1.3.5 - Privilege Escalation
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
CVSS 5.4
VESTA/Hestia Control Panel <1.1.1 - SSRF
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
CVSS 6.5
VESTA/Hestia Control Panel <1.1.1 - SSRF
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
CVSS 6.5
FreeLAN 2.2 - Unquoted Service Path Privilege Escalation
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
CVSS 7.8
Gila CMS < 2.0.0 - Unauthenticated Remote Code Execution via User-Agent Header Injection
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
CVSS 9.8
dirsearch 0.4.1 - CSV Injection via Redirect Endpoint Path
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
CVSS 9.8
By Source