Joel Vado Dilo

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS versions prior to 3.3.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are `post-content` and `post-title` in the "admin/edit.php" endpoint. **Recommendations** For versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/edit.php" endpoint to minimize the risk of exploitation. Avoid using the `post-content` and `post-title` parameters in the affected endpoint until the issue is resolved.