CVE-2018-17835

2018-10-0108:00:00

mitre

www.cve.org

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.

References

github.com/GetSimpleCMS/GetSimpleCMS/issues/1298