GetSimple CMS 3.3.16 allows in parameter ‘permalink’ on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24861
Reference (s):
- http://get-simple.info
- https://www.exploit-db.com/exploits/48850
- https://www.youtube.com/watch?v=8IMfD5KGt_U