CVE-2013-1420
GetSimple CMS before 3.2.1 has multiple XSS weaknesses allowing remote injection of script/HTML via: (1) id in backup-edit.php; (2) title or (3) menu in edit.php; or (4) path or (5) returnid in filebrowser.php under admin/. Note: path in admin/upload.php is covered by CVE-2012-6621. No public det...