MEDIUM
GetSimpleCMS-CE
CVE published 2026-02-24
CVE-2026-26351
CVE-2026-26351 is a stored cross-site scripting (XSS) vulnerability affecting GetSimpleCMS Community Edition (CE) versions prior to 3.3.22. The vulnerability exists in the Theme to Components functionality within components.php, where user-supplied input provided to the 'slug' field of a component is stored without proper output encoding. Authenticated administrators can inject malicious script content th [truncated]