Twinson333

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS (affected versions not specified) **Description** GetSimple CMS does not implement CSRF protection on the administrative file upload endpoint. An attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The request is accepted without requiring a CSRF token or origin validation, allowing an attacker to upload arbitrary files to the application without the victim’s knowledge or consent. To exploit this, the victim must be authenticated to GetSimple CMS and visit an attacker-controlled webpage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS (affected versions not specified) **Description** GetSimple CMS is susceptible to a cross-site scripting (XSS) issue stemming from improper handling of SVG file uploads. Authenticated users can upload SVG files through the administrative upload feature. These files are not adequately sanitized or restricted, enabling an attacker to embed malicious JavaScript code. When an uploaded SVG file is accessed, the embedded script executes within the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS (affected versions not specified) **Description** GetSimple CMS is a content management system. All versions of GetSimple CMS depend on .htaccess files to restrict access to sensitive directories such as `/data/` and `/backups/`. If Apache `AllowOverride` is disabled, a common configuration in hardened or shared hosting environments, these protections are silently ignored. This allows unauthenticated attackers to list and download sensitive files, including `authorization.xml`, which contains cryptographic salts and API keys. The `authorization.xml` file contains sensitive information that could be used to compromise the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.