# Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting# Google Dork: N/A# Date: 24-03-2014# Exploit Author: Jeroen - IT Nerdbox# Vendor Homepage: http://get-simple.info/# Software Link: http://get-simple.info/download/# Version: v3.3.1# Tested on: N/A# CVE : N/A### Description:## In the administrative interface, the users can change their personal
settings. The parameters "name"and# "permalink"do not properly sanitize its input and allows malicious code
to be stored in the XML file.### PoC:# Admin"><script>alert("1");</script># http://url/admin/settings.php### The following parameters are vulnerable:## 1. Permalink# 2. Name### More information can be found at:
http://www.nerdbox.it/getsimple-cms-v3-3-1-vulnerabilities/
