CVE-2026-27147
MEDIUM 5.4
Description
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious JavaScript. When the uploaded SVG file is accessed, the script executes in the browser. This issue does not have a fix at the time of publication.
CVE Details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 2/21/2026
Last modified: 2/24/2026
Source: nvd
Honeypot sightings: 0
Affected products
getsimple-ce:getsimple_cms
Weaknesses (CWE)
CWE-79
References
https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-5gmq-hrcx-6w45 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.