VYPR
Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Feb 25, 2026

GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated)

CVE-2026-27147

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious JavaScript. When the uploaded SVG file is accessed, the script executes in the browser. This issue does not have a fix at the time of publication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.