Skip to content

CVE-2014-1603

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.

View on NVD

Severity

N/A

EPSS

Probability of exploitation (next 30 days): 0.0285 (2.9%)
Percentile: 86.3%
EPSS: 2026-05-06

Affects

get-simple:getsimple_cms

Technical description

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.

Published: 5/14/2014, 7:55:10 PM
Last modified: 5/6/2026, 10:30:45 PM

References

HomeEventsBlogResourcesTeam