First published: Mon Apr 02 2018(Updated: )
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Get-simple Getsimple Cms | =3.3.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-9173 is a cross-site scripting (XSS) vulnerability in GetSimple CMS 3.3.13.
CVE-2018-9173 allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-9173 has a severity rating of medium with a CVSS score of 6.1.
To fix CVE-2018-9173, update GetSimple CMS to a version that includes a patch or upgrade to a newer version.
You can find more information about CVE-2018-9173 in the following references: [GitHub Issue](https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1266) and [Exploit Database](https://www.exploit-db.com/exploits/44408/).