PT-2017-11426 · Getsimple · Getsimple Cms
Wangai666 · Published 2017-06-29 · Updated 2019-12-12 · CVE-2017-10673
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GetSimple CMS versions 3.x
Description
The name field in the admin/profile.php file is vulnerable to cross-site scripting (XSS).
Recommendations
For GetSimple CMS versions 3.x, update to a version that includes a fix for this issue. As a temporary workaround, consider validating and sanitizing user input in the name field to prevent XSS attacks.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Getsimple Cms