CVE-2018-17835

2018-10-0108:29:01

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.

CPENameOperatorVersion
getsimplecmseq3.3.6
getsimplecmseq3.3.1
getsimplecmseq3.1.1
getsimplecmseq3.3.2
getsimplecmseq3.3.14
getsimplecmseq3.2.0
getsimplecmseq3.2.3
getsimplecmseq3.3.3
getsimplecmseq3.3.7
getsimplecmseq3.3.5

Name	Operator	Version
getsimplecms	eq	3.3.6
getsimplecms	eq	3.3.1
getsimplecms	eq	3.1.1
getsimplecms	eq	3.3.2
getsimplecms	eq	3.3.14
getsimplecms	eq	3.2.0
getsimplecms	eq	3.2.3
getsimplecms	eq	3.3.3
getsimplecms	eq	3.3.7
getsimplecms	eq	3.3.5