Some security vulnerabilities in v3.3.15

[LoRexxar]

Some security vulnerabilities in v3.3.15

• any url redirection in function redirect
• Limited Reflective xss in function redirect
• Reflective xss in /admin/settings.php
• Reflective xss in /admin/setup.php

the details of these vulnerabilities to see
https://github.com/LoRexxar/CVE_Request/blob/master/getsimplecms%20v3.3.15/getsimplecms_before_v3.3.15.md

[tablatronix]

added mitigations for these, not fixing the setup.php one at this time

[zentery]

Is there a link to the patch here?