Description

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection.

PUBLISHED Reserved 2025-12-23 | Published 2025-12-23 | Updated 2025-12-23 | Assigner VulnCheck




MEDIUM: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

CMSimple 5.2
affected

Credits

Quadron Research Lab finder

References

www.exploit-db.com/exploits/49751 (ExploitDB-49751) exploit

www.cmsimple.org/en/ (Official CMSimple Vendor Homepage) product

www.vulncheck.com/...cripting-via-filebrowser-external-input (VulnCheck Advisory: CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input) third-party-advisory

cve.org (CVE-2021-47732)

nvd.nist.gov (CVE-2021-47732)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.