Skip to main content

Simplece

2 CVEs product

Monthly

CVE-2017-9674 MEDIUM POC This Month

In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simplece
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-9673 HIGH POC This Week

In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Simplece
NVD
CVSS 3.0
8.8
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simplece
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Simplece
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy