CVE-2020-23839

MEDIUM

GetSimple CMS <3.3.16 - XSS

Title source: llm

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.

Exploits (2)

exploitdb · WORKING POC
by boku · python, webapps, php
https://www.exploit-db.com/exploits/49726

nomisec · WORKING POC · 11 stars
by boku7 · poc
https://github.com/boku7/CVE-2020-23839

Scores

CVSS v3 6.1
EPSS 0.1692
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1) get-simple/getsimple_cms 3.3.16
Published Sep 01, 2020
Tracked Since Feb 18, 2026