GetSimple CMS 跨站脚本漏洞

GetSimple CMS is an open-source content management system developed by GetSimple CMS. GetSimple CMS has a cross-site scripting vulnerability, which stems from improper cleanup or restrictions on SVG file uploads, potentially leading to cross-site scripting attacks...

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVE-2026-27202

CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVE-2026-27161

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

CVE-2026-27161

GetSimple CMS is affected: all versions rely on .htaccess to restrict access to /data/ and /backups/. If Apache AllowOverride is disabled, protections can be bypassed, allowing unauthenticated attackers to list and download sensitive files such as authorization.xml, which contains cryptographic s...

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories

GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVE-2026-27147

GetSimple CMS is affected by a stored XSS due to unsanitized SVG uploads. All versions are vulnerable; authenticated users can upload SVG files via the admin upload function, and the uploaded SVGs execute JavaScript when viewed. The issue is described as not having a fix at the time of publicatio...

CVE-2026-27147 GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

CVE-2026-27146

GetSimple CMS is affected by a CSRF on the administrative file upload endpoint across all versions due to missing CSRF protection. An attacker can craft a malicious page that silently triggers a file upload from an authenticated admin user’s browser without a token or origin validation, enabling ...

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

PT-2026-21324

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...