CVE-2023-46040: Stored XSS in GetSimpleCMS

A cross-site scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function.


0. Open source address: https://github.com/GetSimpleCMS/GetSimpleCMS

1. GetSimple version: 3.4.0a

2. Download address: https://codeload.github.com/GetSimpleCMS/GetSimpleCMS/zip/refs/heads/master

3. Vulnerability type: Stored XSS

4. After installation, open the following address: /admin/components.php

5. Insert XSS code: <script>alert(1)</script>

6. The XSS is triggered by accessing the front end of the site.
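
For triage on an affected install, the following added example (not from the original report or the GetSimpleCMS project) scans stored component bodies for active script content such as the payload in step 5. The XML layout, element names and sample records are constructed assumptions; adapt the loader to wherever your install keeps component data.

```python
# Added example: flag stored component bodies that contain active script content.
# The XML layout and records below are constructed; they are not GetSimpleCMS's real format.
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

SAMPLE_STORE = """<components>
  <item><title>sidebar</title><value>&lt;p&gt;Welcome&lt;/p&gt;</value></item>
  <item><title>footer</title><value>&lt;script&gt;alert(1)&lt;/script&gt;</value></item>
  <item><title>banner</title><value>&lt;button onclick="track()"&gt;Go&lt;/button&gt;</value></item>
  <item><title>links</title><value>&lt;a href="JavaScript:void(0)"&gt;menu&lt;/a&gt;</value></item>
</components>"""

URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects markup that would run script when the stored body is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes entities in values.
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"inline event handler {name}")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")


def audit(store_xml):
    """Return {component title: [findings]} for every component needing review."""
    report = {}
    for item in ET.fromstring(store_xml).iter("item"):
        finder = ActiveContentFinder()
        finder.feed(item.findtext("value") or "")  # ElementTree has already unescaped the text
        finder.close()
        if finder.findings:
            report[item.findtext("title")] = finder.findings
    return report


if __name__ == "__main__":
    for title, findings in audit(SAMPLE_STORE).items():
        print(f"{title}: {', '.join(findings)}")
```

This is a triage heuristic, not a sanitizer: a clean result does not prove a stored body is safe to render.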
