Full Disclosure mailing list archives
[CVE-2014-1603] XSS in GetSimple CMS 3.3.1
From: Pedro Ribeiro <pedrib () gmail com>
Date: Mon, 12 May 2014 22:51:36 +0100
Hi, Found some persistent and reflected cross site scripting in the Admin console of GetSimple CMS 3.3.1 and below. Waited 6 months for a fix but the developer stopped answering my emails, so decided to release this anyway. Details attached if you care - also available at https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt. Regards, Pedro Ribeiro Agile Information Security
Attachment:
getsimplecms-3.3.1.txt
Description:
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2014-1603] XSS in GetSimple CMS 3.3.1 Pedro Ribeiro (May 12)