CVE-2021-47736
- EPSS 0.87%
- Veröffentlicht 23.12.2025 19:34:09
- Zuletzt bearbeitet 05.01.2026 14:15:51
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism...
CVE-2025-63588
- EPSS 0.07%
- Veröffentlicht 06.11.2025 00:00:00
- Zuletzt bearbeitet 10.11.2025 17:29:28
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login...
CVE-2025-63589
- EPSS 0.07%
- Veröffentlicht 06.11.2025 00:00:00
- Zuletzt bearbeitet 10.11.2025 17:29:33
A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer li...
CVE-2024-34452
- EPSS 0.39%
- Veröffentlicht 21.06.2024 22:15:10
- Zuletzt bearbeitet 11.04.2025 15:15:02
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
- EPSS 6.88%
- Veröffentlicht 10.05.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:27:54
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.