Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some security vulnerabilities in v3.3.15 #1310

Closed
LoRexxar opened this issue May 5, 2019 · 1 comment
Closed

Some security vulnerabilities in v3.3.15 #1310

LoRexxar opened this issue May 5, 2019 · 1 comment
Labels
Milestone

Comments

@LoRexxar
Copy link

LoRexxar commented May 5, 2019

Some security vulnerabilities in v3.3.15

  • any url redirection in function redirect
  • Limited Reflective xss in function redirect
  • Reflective xss in /admin/settings.php
  • Reflective xss in /admin/setup.php

the details of these vulnerabilities to see
https://github.com/LoRexxar/CVE_Request/blob/master/getsimplecms%20v3.3.15/getsimplecms_before_v3.3.15.md

@tablatronix tablatronix added this to the 3.3.16 milestone May 24, 2019
@tablatronix
Copy link
Member

added mitigations for these, not fixing the setup.php one at this time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants