Description
Affected software: GetSimple CMS
Type of vulnerability: Stored XSS
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Subodh Kumar
Description: A Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application. XSS vulnerabilities are the most common type of input validation vulnerabilities, according to the Context Information Security report “Web application vulnerability statistics 2013”. The Persistent XSS condition is met when a website or web application stores user input and serves it back to other users when retrieving it at a later stage, without validation before storage or before embedding stored content into HTML response pages.
Source: https://www.acunetix.com/blog/articles/persistent-xss/
Steps to reproduce the vulnerability:
1. Log in to the CMS.
2. Open the page http://127.0.0.26/admin/edit.php
3. Click on "Page Options".
4. Check the "Add this page to the menu" checkbox.
5. Put the XSS payload ("><svg/onload=alert("XSS_By_Breachlock")>) in the "post-menu" parameter and click on save page to publish the page (See Image1.png).
6. Visit the published page with the XSS payload (See Image2.png).
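The missing output encoding described above, next to a hardened form, as an added example that is not GetSimple CMS source code. The function names, the menu markup and the page slug are hypothetical; the sample value is the "post-menu" payload from the reproduction steps.

```php
<?php
// Added example: hypothetical menu renderer, NOT GetSimple CMS code.
// Constructed input: the "post-menu" value from the report, as it would be stored.
$menuText = '"><svg/onload=alert("XSS_By_Breachlock")>';
$slug     = 'demo-page'; // constructed page slug

// Before: the stored value is written into an attribute and an element body unchanged,
// so the leading "> closes the attribute and the tag, and the <svg> element becomes live markup.
function render_menu_item_unsafe(string $slug, string $menuText): string
{
    return '<li><a href="/' . $slug . '" title="' . $menuText . '">' . $menuText . '</a></li>';
}

// Encode for HTML text and quoted-attribute contexts at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every stored value is encoded where it is embedded into the response.
function render_menu_item_safe(string $slug, string $menuText): string
{
    return '<li><a href="/' . rawurlencode($slug) . '" title="' . h($menuText) . '">'
         . h($menuText) . '</a></li>';
}

// Storage-time check (defense in depth only): cap length and reject control characters.
// The payload above passes this check, which is why output encoding is the primary control.
function validate_menu_text(string $value): bool
{
    return strlen($value) <= 100 && preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

$unsafe = render_menu_item_unsafe($slug, $menuText);
$safe   = render_menu_item_safe($slug, $menuText);

// Self-checks: the unsafe output carries a real <svg> tag, the safe output does not.
if (strpos($unsafe, '<svg/onload=') === false) {
    throw new RuntimeException('expected raw markup in unsafe output');
}
if (strpos($safe, '<svg') !== false || strpos($safe, '&lt;svg') === false) {
    throw new RuntimeException('expected encoded markup in safe output');
}

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
```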
