SSVID: SSV-97931 Category: 跨站脚本 (XSS) Component: GetSimpleCMS Submit Time: 2019-05-05 Detail In , we should input sitename, username, and email to setup the website. But if any error occurs in the installation, these three parameters will be returned back to the page without any filter. This allows an attacker to use double quotes to escape and execute any JavaScript script. Timeline 2019-05-05: Submitted and disclosed the vulnerability. 2019-05-05: Provided additional details about the vulnerability. Related Vulnerabilities GetSimpleCMS Reflective XSS #2 GetSimpleCMS Reflective XSS GetSimpleCMS Limited Reflective XSS GetSimpleCMS Arbitrary URL Redirect PoC No Proof of Concept (PoC) available. Solutions Temporary Solutions: No temporary solutions available. Official Solution: No official solutions available. Defense Solutions**: No defense solutions available.