2 matches found
CVE-2018-17835
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI...
CVE-2018-17835
GetSimple CMS 3.3.15 is affected by CVE-2018-17835. The issue is a stored XSS: an administrator can inject malicious payload via the admin/settings.php Custom Permalink Structure parameter, which then contaminates any page created at the admin/pages.php URI. The vulnerability is rooted in imprope...