CVE-2018-9173

Name of the Vulnerable Software and Affected Versions GetSimple CMS version 3.3.13

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is demonstrated by the movieName parameter.

Recommendations For GetSimple CMS version 3.3.13, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the uploadify.swf file in the admin/template/js/uploadify directory until a patch is available. Avoid using the movieName parameter in the affected API endpoint until the issue is resolved.