Skip to content

Persistent XSS - GetSimpleCMS 3.3.5 #1046

Closed
@joelvadodil

Description

Hi team,

It was observed that GetSimpleCMS 3.3.5 is vulnerable to persistent XSS. If you add any new page and in the edit page header & body if you pass the payload and save, it gets executed for all the users.

URL - http://localhost/Getsimplecms-3.3.5/admin/edit.php?id=temp&upd=edit-success&type=edit
Payload - ">img src="blah.jpg" onerror="alert('XSS')"/

Add < before img and > at the end.
Please assign a CVE-ID for the same.

Thanks,
Joel

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions