Iso60001

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS version 3.3.15 **Description** An issue allows an administrator to insert stored XSS via the `Custom Permalink Structure` parameter at the "admin/settings.php" endpoint, which injects the XSS payload into any page created at the "admin/pages.php" endpoint. **Recommendations** For GetSimple CMS version 3.3.15, as a temporary workaround, consider restricting access to the `Custom Permalink Structure` parameter in the admin/settings.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.