CVE-2015-5355

Name of the Vulnerable Software and Affected Versions GetSimple CMS versions prior to 3.3.6

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are post-content and post-title in the "admin/edit.php" endpoint.

Recommendations For versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/edit.php" endpoint to minimize the risk of exploitation. Avoid using the post-content and post-title parameters in the affected endpoint until the issue is resolved.