GetSimple CMS Custom JS Cross-Site Request Forgery Vulnerability Allowing Remote Code Execution
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in the Custom JS plugin version 0.1 for GetSimple CMS. This vulnerability allows unauthenticated attackers to inject arbitrary client-side scripts into the browsers of authenticated administrators. When an affected administrator visits a crafted malicious website, the injected script executes a cross-site scripting (XSS) payload that can lead to remote code execution (RCE) on the server hosting the CMS.
Impact
Exploitation of this vulnerability allows for cross-site request forgery, leading to stored cross-site scripting and remote code execution on the server.
Reproduction
To reproduce this vulnerability, an attacker must create a malicious website that, when visited by an authenticated administrator, exploits the CSRF vulnerability to send a request that includes the malicious JavaScript payload. Once the injected script executes in the administrator's browser, it can perform actions on behalf of the administrator, including executing code on the server.
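One way a settings handler can refuse the forged request described above, shown as an added example that is not the Custom JS plugin's code or GetSimple's API. The function names, the form fields `csrf_token` and `script`, and the storage path are hypothetical, and an admin session is assumed to be started already.

```php
<?php
// Added example with hypothetical names; not the Custom JS plugin's code.
// Assumes the CMS has already called session_start() for the admin session.

// Issue one random token per admin session; embed it in the settings form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only if the submitted value is a string equal to the session token.
function csrf_token_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// True only if the browser-sent Origin (or Referer) is the site's own origin.
function same_origin(array $server, string $siteOrigin): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts = parse_url($source);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // missing, "null" or unparsable: reject the state change
    }
    $origin = $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return $origin === $siteOrigin;
}

// Hypothetical save handler for the stored script setting.
function save_custom_js(array $post, array $server, string $siteOrigin, string $file): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST'
        || !same_origin($server, $siteOrigin)
        || !csrf_token_valid($post['csrf_token'] ?? null)) {
        return false; // forged or cross-site request: nothing is written
    }
    return file_put_contents($file, (string)($post['script'] ?? ''), LOCK_EX) !== false;
}
```

A page on another origin cannot read the session-bound token, so a request it triggers fails `csrf_token_valid()` and the stored script is left unchanged.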
