First published: Wed Jun 23 2021
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Get-simple Getsimplecms | <=3.3.15 | |
The severity of CVE-2021-28977 is medium with a CVSS score of 4.8.
CVE-2021-28977 affects GetSimpleCMS versions up to and including 3.3.15.
An attacker can exploit CVE-2021-28977 by adding malicious comments or injecting file header information into xla, pages, and gzip files in GetSimpleCMS's admin/upload.php.
Upgrading to GetSimpleCMS 3.3.16 or later will fix CVE-2021-28977.
More information about CVE-2021-28977 can be found at this link: [reference](https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1336).