4 matches found
CVE-2026-27147
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...
PT-2026-21324
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the IOFactory::load function. An attacker can read local files or potentially execute arbitrary code by uploading a malicious XLSX template that contains a specially crafted XML payload. This is onl...
DoS via SAML configuration in Guardian/CMC before 22.6.2
Summary: An authenticated administrator can upload a SAML configuration file with the wrong format, and the application does not check that the file format is correct. Every subsequent application request will return an error. Impact: The whole application is rendered unusable until a console intervention...