CVE-2026-27147

Name of the Vulnerable Software and Affected Versions GetSimple CMS (affected versions not specified)

Description GetSimple CMS is susceptible to a cross-site scripting (XSS) issue stemming from improper handling of SVG file uploads. Authenticated users can upload SVG files through the administrative upload feature. These files are not adequately sanitized or restricted, enabling an attacker to embed malicious JavaScript code. When an uploaded SVG file is accessed, the embedded script executes within the user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.