CVE-2020-18659

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions prior to 3.3.16

Description: A Cross Site Scripting issue exists due to improper validation of user input in the sitename, username, and email parameters to the "/admin/setup.php" API endpoint. This allows an attacker to inject malicious scripts into the website.

Recommendations: For GetSimpleCMS versions prior to 3.3.16, update to version 3.3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/setup.php" endpoint and validating user input for the sitename, username, and email parameters to prevent malicious script injection.