Full Disclosure mailing list archives

[CVE-2014-1603] XSS in GetSimple CMS 3.3.1


From: Pedro Ribeiro <pedrib () gmail com>
Date: Mon, 12 May 2014 22:51:36 +0100

Hi,

Found some persistent and reflected cross site scripting in the Admin
console of GetSimple CMS 3.3.1 and below.
Waited 6 months for a fix but the developer stopped answering my
emails, so decided to release this anyway.

Details attached if you care - also available at
https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt.

Regards,
Pedro Ribeiro
Agile Information Security

Attachment: getsimplecms-3.3.1.txt