PT-2018-14213 · Getsimple · Getsimple Cms
Iso60001 · Published 2018-10-01 · Updated 2018-11-15 · CVE-2018-17835
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GetSimple CMS version 3.3.15
Description
An issue allows an administrator to insert stored XSS via the Custom Permalink Structure parameter at the "admin/settings.php" endpoint, which injects the XSS payload into any page created at the "admin/pages.php" endpoint.
Recommendations
For GetSimple CMS version 3.3.15, as a temporary workaround, consider restricting access to the Custom Permalink Structure parameter in the admin/settings.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Getsimple Cms