PatchSiren

GetSimpleCMS-CE CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM GetSimpleCMS-CE CVE published 2026-02-24

CVE-2026-26351

CVE-2026-26351 is a stored cross-site scripting (XSS) vulnerability affecting GetSimpleCMS Community Edition (CE) versions prior to 3.3.22. The vulnerability exists in the Theme to Components functionality within components.php, where user-supplied input provided to the 'slug' field of a component is stored without proper output encoding. Authenticated administrators can inject malicious script content th [truncated]