BUG REPORT GetSimple CMS Security Vulnerabilities Notification

BUG REPORT GetSimple CMS Security Vulnerabilities Notification - Printable Version

+- GetSimple Support Forum (http://get-simple.info/forums)
+-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3)
+--- Forum: General Questions and Problems (http://get-simple.info/forums/forumdisplay.php?fid=16)
+--- Thread: BUG REPORT GetSimple CMS Security Vulnerabilities Notification (/showthread.php?tid=7757)

GetSimple CMS Security Vulnerabilities Notification - SachinWagh - 2015-12-06

================================================================
GetSimple CMS – Version 3.3.7 – Cross-Site Scripting Vulnerability
================================================================

Information
--------------------
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.3.7
Vendor Homepage:
CVE-ID :
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)

Description
--------------------

GetSimple CMS – Version 3.3.7 is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.

Proof of Concept URL
--------------------

Please find attached POC

Advisory Information:
================================================
GetSimple CMS XSS Vulnerability

Severity Level:
=========================================================
Med

Description:
==========================================================

Vulnerable Product:
[+] GetSimple CMS 3.3.7

Vulnerable Parameter(s):
[+] template

Affected Area(s):
[+] http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/theme.php

For any questions related to this notification message - please contact on : wsachin092@gmail.com

Best Regards,

Sachin Wagh