CVE-2017-10673

Published Jun 29, 2017

Last updated 5 years ago

Overview

Description: admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1685FE6C-8C13-489B-9FDC-32A358AD7266"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D400FBBB-51D9-4C69-A530-8085599EF82D"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "733282CB-3E2E-4E12-AF47-6A9EA4807C6E"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5D8A854-9344-4063-85BF-1C773B33EADE"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15806A00-25E7-404A-9E8B-D74DCD847275"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD52948-4B08-4582-8E8B-C1E9FA2989B2"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B64BEF7-F4F8-4B6B-8426-8D3A7365996D"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF77D84A-9212-4CE9-89D5-3205CD841FCF"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5201DE3-6BF1-4634-9B61-F486C444FF01"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A26D2C-5F0F-4EEA-B9AB-31ADCC5CD42A"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1183BEB7-723B-4E5E-818B-98A8E35E17E9"
          },
          {
            "criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.3.2:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEEA76C0-5C52-4AE6-B97F-AC5DF4D38AAF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References