CVE-2014-1603
GetSimple CMS 3.3.1 - Cross-Site Scripting via admin/load.php or admin/settings.php
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-1603. PoCs published by Pedro Ribeiro.
AI-analyzed exploit summary
This PoC demonstrates reflected and persistent XSS vulnerabilities in the GetSimple CMS 3.3.1 admin console. The reflected XSS occurs in the plugin load page via the 'param' parameter, while the persistent XSS is triggered through the settings page by injecting malicious scripts into user input fields.
Description
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.