製品・ソフトウェアに関する情報

JVN脆弱性詳細

GetSimple CMS におけるクロスサイトスクリプティングの脆弱性

Title	GetSimple CMS におけるクロスサイトスクリプティングの脆弱性
Summary	GetSimple CMS には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、以下の項目を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) admin/settings.php の Email Address フィールド (2) admin/settings.php の Custom Permalink Structure フィールド (3) admin/upload.php の path パラメータ (4) admin/theme.php の err パラメータ (5) admin/pages.php の error パラメータ (6) admin/index.php の success パラメータ (7) admin/index.php の err パラメータ
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 4, 2012, midnight
Registration Date	Jan. 20, 2014, 5:10 p.m.
Last Update	Jan. 20, 2014, 5:10 p.m.

Affected System

The GetSimple Team

GetSimple CMS 3.1 およびそれ以前

GetSimple CMS 3.1.2 およびそれ以前

GetSimple CMS 3.2.3 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-6621	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6621
National Vulnerability Database (NVD)
2	CVE-2012-6621	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6621

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Cagintranet Networks
1	GetSimple CMS	http://get-simple.info/

その他

No	Name	URL
関連文書
1	GetSimple CMS multiple cross-site scripting (75535)	http://xforce.iss.net/xforce/xfdb/75535
2	GetSimple CMS settings.php cross-site scripting (75534)	http://xforce.iss.net/xforce/xfdb/75534

Change Log

No	Changed Details	Date of change
0	[2014年01月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-6621

Summary	Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
Publication Date	Jan. 17, 2014, 6:55 a.m.
Registration Date	Jan. 28, 2021, 3:08 p.m.
Last Update	Nov. 21, 2024, 10:46 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:get-simple:getsimple_cms::::::::		3.2.3
cpe:2.3:a:get-simple:getsimple_cms:1.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.3:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.4:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.5:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.6:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.7:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.25:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.71:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.01:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.03:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.03.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/124711
2	http://packetstormsecurity.com/files/124711
3	http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html
4	http://packetstormsecurity.org/files/112643/GetSimple-CMS-3.1-Cross-Site-Scripting.html
5	http://secunia.com/advisories/49137	Vendor Advisory
6	http://secunia.com/advisories/49137	Vendor Advisory
7	http://www.securityfocus.com/bid/53501
8	http://www.securityfocus.com/bid/53501
9	http://www.vulnerability-lab.com/get_content.php?id=521
10	http://www.vulnerability-lab.com/get_content.php?id=521
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/75534
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/75534
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/75535
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/75535

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:get-simple:getsimple_cms::::::::		3.2.3
cpe:2.3:a:get-simple:getsimple_cms:1.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.3:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.4:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.5:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.6:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.7:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.25:::::::*
cpe:2.3:a:get-simple:getsimple_cms:1.71:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.01:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.03:::::::*
cpe:2.3:a:get-simple:getsimple_cms:2.03.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.0:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.1.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2.1:::::::*
cpe:2.3:a:get-simple:getsimple_cms:3.2.2:::::::*