CVE Request: GetSimple CMS: Multiple Stored XSS

[Anirudh Anand <anirudhanand722 () gmail com>]

Hello,

GetSimple <http://get-simple.info/> is a stand-a-alone, fully independent
and lite Content Management System.

Recently I found that Getsimple CMS is vulnerable to Stored Cross site
scripting attack.

*POC:*

While creating a new page, give the page title as
*new"onmouseover="alert(1)";* and in the content, give *<svg
onload="alert(10)">*. Now save it and then go to *pages.php* and then hover
the mouse over the cross mark (which is used to delete the post). You can
see that XSS is triggered.

Now, go to *backups.php* and hover the mouse over it and again you can see
the XSS triggered. Now open the backup and you can see that *<svg>* is
triggered there. But since there is regex checking in the main pages, the
*<svg>* won't get triggered in the main page.

Any normal user has the ability to add new pages and each time when a post
is saved, it gets automatically saved into *backups.php*

*Date of reporting:* 3rd July, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: http://get-simple.info/

*Software Link:* http://get-simple.info/download/

*Version affected: *Possibly all version <= 3.3.5

*Tested on:* Linux:- Ubuntu, Debian, PHP - 5.5


The issue has been reported to the vendor:
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1067

Is it possible to assign CVE identifier for the same ?

Thank you,

-- 

Anirudh Anand
bi0s@AMRITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*