CVE-2026-27147
GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious JavaScript. When the uploaded SVG file is accessed, the script executes in the browser. This issue does not have a fix at the time of publication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
GetSimpleCMS-CE · GetSimpleCMS-CE¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →