CVE-2014-1603

Name of the Vulnerable Software and Affected Versions GetSimple CMS version 3.3.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API endpoints include "admin/load.php" and "admin/settings.php". Specifically, the vulnerable parameters are param in "admin/load.php", and user, email, or name in a Save Settings action to "admin/settings.php".

Recommendations For GetSimple CMS version 3.3.1, as a temporary workaround, consider restricting access to the "admin/load.php" and "admin/settings.php" endpoints until a patch is available. Avoid using the param parameter in "admin/load.php" and the user, email, or name parameters in the Save Settings action to "admin/settings.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.