PT-2020-7349 · Unknown · GetSimple CMS

Published: 2020-01-02 · Updated: 2020-01-13 · CVE-2013-1420

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: GetSimple CMS versions prior to 3.2.1
Description: Multiple cross-site scripting (XSS) vulnerabilities in the admin directory allow remote attackers to inject arbitrary web script or HTML via the id parameter to "backup-edit.php", the title or menu parameter to "edit.php", or the path or returnid parameter to "filebrowser.php". Because the affected scripts sit under admin/, the injected script executes in the browser of an authenticated administrator who loads a crafted URL; this is why the vector rates medium access complexity and partial integrity impact with no authentication required of the attacker.
Recommendations: Update to GetSimple CMS 3.2.1 or later, which fixes all five parameters. Until the update is applied, restrict access to the admin directory (at the very least "backup-edit.php", "edit.php", and "filebrowser.php") to trusted source addresses or to an authenticating reverse proxy, and instruct administrators not to follow untrusted links to the site's admin pages while the vulnerable version is running. Note that simply not using the id, title, menu, path, and returnid parameters is not a mitigation: they are supplied by the attacker in the crafted URL, not by the administrator.
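The two practical checks a defender wants from this entry are "is my install older than 3.2.1?" and "has anyone hit these five parameters with script payloads?". The script below is an added example written for this page, not code from the vulnerability database or from the GetSimple project. It assumes Apache/nginx combined log format, and the log lines embedded in it are constructed for the example; the version strings and the admin path prefix (/admin/) are assumptions as well.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# GetSimple CMS 3.2.1 is the first release that fixes CVE-2013-1420.
FIXED_VERSION = (3, 2, 1)

# Affected admin scripts and the parameters named in the CVE description.
VULNERABLE_PARAMS = {
    "backup-edit.php": {"id"},
    "edit.php": {"title", "menu"},
    "filebrowser.php": {"path", "returnid"},
}

# Coarse markers for reflected-script payloads; \b keeps words such as
# "content=" from matching the event-handler pattern.
XSS_INDICATORS = re.compile(
    r"<\s*script|javascript:|\bon[a-z]+\s*=|<\s*(img|svg|iframe|body)\b", re.I
)

# Combined log format (assumed): ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str):
    """Turn '3.2' / '3.2.0' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version: str) -> bool:
    """True for any GetSimple CMS release older than 3.2.1."""
    return parse_version(version) < FIXED_VERSION


def suspicious_requests(log_lines):
    """Return (ip, script, parameter, decoded value) for requests that put a
    script-looking value into one of the five vulnerable parameters."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if "/admin/" not in parts.path:
            continue
        script = parts.path.rsplit("/", 1)[-1]
        watched = VULNERABLE_PARAMS.get(script)
        if not watched:
            continue
        # parse_qs decodes one layer; unquote_plus again catches double-encoding.
        query = parse_qs(parts.query, keep_blank_values=True)
        for name in sorted(watched):
            for value in query.get(name, []):
                decoded = unquote_plus(value)
                if XSS_INDICATORS.search(decoded):
                    hits.append((m.group("ip"), script, name, decoded))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2020:10:15:01 +0000] "GET /admin/backup-edit.php?id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2020:10:15:09 +0000] "GET /admin/edit.php?id=index&title=Home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2020:10:16:30 +0000] "GET /admin/filebrowser.php?returnid=x%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2020:10:16:41 +0000] "GET /index.php?id=%3Cscript%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2020:10:17:02 +0000] "GET /admin/edit.php?menu=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for v in ("3.2.0", "3.2.1"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
    for ip, script, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} -> {script} {name}={value!r}")
```

The fourth sample line is deliberately outside admin/ so the scan ignores it: the CVE is specific to the admin scripts, and flagging every "<script>" in a public query string would bury the relevant hits. A 200 status on a flagged request does not prove an administrator's browser executed anything, only that the URL was served; correlate the source address with admin session activity before treating it as a compromise.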

Tags: Exploit · Fix · XSS


Weakness Enumeration: CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')

Related Identifiers

CVE-2013-1420

Affected Products

GetSimple CMS