CVE-2020-23839
PUBLISHED
CVSS 6.1 MEDIUM
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
EPSS 16.92% · 95.1th percentile
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
16.92%
95.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| get-simple | getsimple_cms | 3.3.16 |
Exploit Intelligence
- Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal (github-poc-repo)
- Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal (github-poc)
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330 (nist-nvd)
…and 6 more exploits
Timeline
- Sep 1, 2020 CVE Published
- Mar 30, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Nov 15, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1330 url
- http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html url
- 49726 exploit
- https://github.com/boku7/CVE-2020-23839 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-23839 advisory
- https://support.broadcom.com/security-advisory/content/0/0/SYMSA17570 advisory