exploitDog

GHSA-pgc8-g7q5-fq5m

Опубликовано: 01 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 5.1

CVSS3: 6.4

Описание

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

5.1 Medium

CVSS4

6.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-47917

CVSS3: 6.4

nvd

8 дней назад

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.

EPSS

Процентиль: 13%

0.00044

Низкий

5.1 Medium

CVSS4

6.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79