CVE-2026-27147 — MEDIUM (5.4)

Q: How severe is CVE-2026-27147?

CVE-2026-27147 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-27147?

Check the references section above for vendor advisories and patch information. Affected products include: Getsimple-Ce Getsimple Cms.

Vulnerability Description

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed malicious JavaScript. When the uploaded SVG file is accessed, the script executes in the browser. This issue does not have a fix at the time of publication.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Getsimple-Ce	Getsimple Cms	<= 3.3.22

Related Weaknesses (CWE)

CWE-79

References

https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-5gmqExploitMitigationVendor Advisory

FAQ

What is CVE-2026-27147?

CVE-2026-27147 is a vulnerability with a CVSS score of 5.4 (MEDIUM). GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload funct...

How severe is CVE-2026-27147?

CVE-2026-27147 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27147?

Check the references section above for vendor advisories and patch information. Affected products include: Getsimple-Ce Getsimple Cms.