CVE-2015-5356
GetSimple CMS < 3.3.6 - Cross-Site Scripting via File Browser func Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6
Patch x_refsource_confirm
https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51
Issue Tracking x_refsource_confirm
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059
Scores
EPSS
0.0179
EPSS Percentile
75.7%
Details
CWE
CWE-79
Status
published
Products (1)
get-simple/getsimple_cms
< 3.3.2
Published
Jul 01, 2015
Tracked Since
Feb 18, 2026