CVE-2018-17835

Name of the Vulnerable Software and Affected Versions GetSimple CMS version 3.3.15

Description An issue allows an administrator to insert stored XSS via the Custom Permalink Structure parameter at the "admin/settings.php" endpoint, which injects the XSS payload into any page created at the "admin/pages.php" endpoint.

Recommendations For GetSimple CMS version 3.3.15, as a temporary workaround, consider restricting access to the Custom Permalink Structure parameter in the admin/settings.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.