Closed
Description
Hi team,
It was observed that GetSimpleCMS 3.3.5 is vulnerable to persistent XSS. If you add any new page and in the edit page header & body if you pass the payload and save, it gets executed for all the users.
URL - http://localhost/Getsimplecms-3.3.5/admin/edit.php?id=temp&upd=edit-success&type=edit
Payload - ">img src="blah.jpg" onerror="alert('XSS')"/
Add < before img and > at the end.
Please assign a CVE-ID for the same.
Thanks,
Joel