GetSimpleCms-3.3.16 XSS vulnerability
DESCRIPTION
GetSimple CMS is a flat-file CMS written in PHP that works fast and efficiently and has the best UI around.
Official Website - http://get-simple.info/
GitHub - https://github.com/GetSimpleCMS/GetSimpleCMS
GetSimple CMS XSS vulnerability verification
http://127.0.0.1/GetSimpleCMS-3.3.16/admin/settings.php
Website URL: the "siteURL" parameter has an XSS vulnerability.


$_POST collects the value of "siteURL" from the form with method="post". The function TSL returns part of the $path. $siteURL contains JavaScript.

The JavaScript is rendered inside <div class="rightsec">, and the XSS executes successfully.
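The fix for this class of bug is to validate the submitted URL and to HTML-encode it when it is rendered. The following is an added example, not GetSimple CMS code and not part of the original report. The names path_helper, validate_site_url and attr are hypothetical, the sample inputs are constructed, and it assumes the value is echoed into the value attribute of an input element.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a path helper: it only normalises the trailing
// slash and does no HTML escaping, so markup in $path passes straight through.
function path_helper(string $path): string
{
    return rtrim($path, '/') . '/';
}

// Input check (assumed policy): absolute http(s) URL with a host, no markup characters.
function validate_site_url(string $raw): ?string
{
    $url = trim($raw);
    if (preg_match('/[\s"\'<>]/', $url) === 1 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host = parse_url($url, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || !is_string($host) || $host === '') {
        return null;
    }
    return path_helper($url);
}

// Output encoding for an HTML attribute context, applied at render time.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values for the "siteURL" form field.
$samples = [
    'http://127.0.0.1/GetSimpleCMS-3.3.16',
    'http://127.0.0.1/"><b>markup</b>',
    'javascript:void(0)',
];

foreach ($samples as $raw) {
    $value = path_helper($raw);
    $clean = validate_site_url($raw);
    echo 'input:     ', $raw, "\n";
    echo 'unescaped: <input name="siteURL" value="', $value, '" />', "\n";
    echo 'escaped:   <input name="siteURL" value="', attr($value), '" />', "\n";
    echo 'validated: ', $clean ?? '(rejected)', "\n\n";
}
```

Run with the PHP CLI: for the second sample, the "unescaped" line shows the quote closing the attribute early, while the "escaped" line keeps the whole value inside it and the validator rejects the input.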

