PT-2021-10614 · Unknown · Getsimple Cms

Jinnywco

Published

2021-08-06

Updated

2021-08-09

CVE-2020-21353

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.4.0a

Description: A stored cross site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Edit Snippets module, specifically targeting the /admin/snippets.php endpoint. The Edit Snippets module is vulnerable to this issue, potentially allowing attackers to inject malicious scripts.

Recommendations: For GetSimple CMS version 3.4.0a, consider disabling the Edit Snippets module until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the /admin/snippets.php endpoint to minimize the risk of arbitrary web script execution. Avoid using the Edit Snippets module with untrusted input until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-21353

Affected Products

Getsimple Cms

PT-2021-10614 · Unknown · Getsimple Cms

CVE-2020-21353

Weakness Enumeration

Related Identifiers

Affected Products

References · 4