CVE-2012-6621 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1 3.1.2 3.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
Reference
http://packetstormsecurity.com/files/124711 http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html http://secunia.com/advisories/49137 http://www.securityfocus.com/bid/53501 http://www.vulnerability-lab.com/get_content.php?id=521 https://exchange.xforce.ibmcloud.com/vulnerabilities/75534 https://exchange.xforce.ibmcloud.com/vulnerabilities/75535
Share on: