GetSimple CMS
cpe:2.3:a:get-simple:getsimple_cms:*:*:*:*:*:*:*, +1 more
- <= 1.1.2
A stored cross-site scripting vulnerability has been identified in the My SMTP Contact plugin for GetSimple CMS, specifically in version 1.1.2. The plugin sanitizes input with the htmlspecialchars() function, and this sanitization can be easily bypassed by sending dangerous characters as escaped hexadecimal bytes. This allows attackers to inject arbitrary client-side scripts that execute in the administrator's browser when they visit a compromised page.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.
To reproduce this vulnerability, upload the My SMTP Contact plugin version 1.1.2 to a GetSimple CMS installation. After that, send a POST request to the plugin's settings page with the 'm_smtp_c_sender_name' field containing a script tag payload, encoded as hexadecimal bytes, to bypass the input sanitization. Once the payload is injected, it will be executed in the administrator's browser when they visit the page where the script was injected.
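The failure mode described above, sketched in PHP as an added example (not the plugin's own code), next to a hardened form. The page does not say where the hex escapes are decoded, so stripcslashes() stands in for that step as an assumption; the function names, the allow-list pattern and the sample value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: harmless markup written as literal "\xNN" escapes.
$submitted = '\x3cb\x3eSender\x3c/b\x3e';

// Pattern the advisory describes: encode once, when the setting is saved.
function save_setting_weak(string $value): string
{
    // The value contains no <, >, &, or quotes yet, so nothing is encoded.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Stand-in (assumed) for whatever later step turns "\x3c" back into "<".
function load_setting(string $stored): string
{
    return stripcslashes($stored);
}

// Hardened input check (hypothetical policy): a sender name has no need for
// backslashes or markup characters, so accept only an allow-list.
function validate_sender_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{N} .,\'_-]{1,64}$/u', $value) === 1;
}

// Hardened output: encode after every decoding step, at the point of rendering.
function render_setting(string $stored): string
{
    return htmlspecialchars(
        load_setting($stored),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}

$stored = save_setting_weak($submitted);

// Input-time encoding left the stored value unchanged.
var_dump($stored === $submitted);

// Weak path: the decoded value is emitted as live markup.
echo 'weak:     ', load_setting($stored), PHP_EOL;

// Hardened path: the same stored value is encoded after decoding.
echo 'hardened: ', render_setting($stored), PHP_EOL;

// The allow-list rejects the escaped input before it is ever stored.
var_dump(validate_sender_name($submitted));
var_dump(validate_sender_name('Site Contact Form'));
```

Encoding at render time covers values that are already stored, while the allow-list keeps new escaped input out of the settings in the first place.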