CVE-2026-4225

🗓️ 16 Mar 2026 07:32:07Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 6 Views🌐 WEB

CMS Made Simple before 2.2.21 has cross-site scripting in User Management listusers.php via Message.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-4225	16 Mar 202607:32	–	attackerkb
CNNVD	CMS Made Simple 代码注入漏洞	16 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting	16 Mar 202607:32	–	cvelist
EUVD	EUVD-2026-12366	16 Mar 202615:30	–	euvd
NVD	CVE-2026-4225	16 Mar 202614:20	–	nvd
OpenVAS	CMS Made Simple <= 2.2.21 Multiple Vulnerabilities	23 Jun 202500:00	–	openvas
Positive Technologies	PT-2026-25635	16 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4225	26 Mar 202615:15	–	redhatcve
Vulnrichment	CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting	16 Mar 202607:32	–	vulnrichment

Vulners

Node

cms_made_simple cms_made_simpleMatch2.2.0

cms_made_simple cms_made_simpleMatch2.2.1

cms_made_simple cms_made_simpleMatch2.2.2

cms_made_simple cms_made_simpleMatch2.2.3

cms_made_simple cms_made_simpleMatch2.2.4

cms_made_simple cms_made_simpleMatch2.2.5

cms_made_simple cms_made_simpleMatch2.2.6

cms_made_simple cms_made_simpleMatch2.2.7

cms_made_simple cms_made_simpleMatch2.2.8

cms_made_simple cms_made_simpleMatch2.2.9

cms_made_simple cms_made_simpleMatch2.2.10

cms_made_simple cms_made_simpleMatch2.2.11

cms_made_simple cms_made_simpleMatch2.2.12

cms_made_simple cms_made_simpleMatch2.2.13

cms_made_simple cms_made_simpleMatch2.2.14

cms_made_simple cms_made_simpleMatch2.2.15

cms_made_simple cms_made_simpleMatch2.2.16

cms_made_simple cms_made_simpleMatch2.2.17

cms_made_simple cms_made_simpleMatch2.2.18

cms_made_simple cms_made_simpleMatch2.2.19

cms_made_simple cms_made_simpleMatch2.2.20

cms_made_simple cms_made_simpleMatch2.2.21

[
  {
    "vendor": "n/a",
    "product": "CMS Made Simple",
    "versions": [
      {
        "version": "2.2.0",
        "status": "affected"
      },
      {
        "version": "2.2.1",
        "status": "affected"
      },
      {
        "version": "2.2.2",
        "status": "affected"
      },
      {
        "version": "2.2.3",
        "status": "affected"
      },
      {
        "version": "2.2.4",
        "status": "affected"
      },
      {
        "version": "2.2.5",
        "status": "affected"
      },
      {
        "version": "2.2.6",
        "status": "affected"
      },
      {
        "version": "2.2.7",
        "status": "affected"
      },
      {
        "version": "2.2.8",
        "status": "affected"
      },
      {
        "version": "2.2.9",
        "status": "affected"
      },
      {
        "version": "2.2.10",
        "status": "affected"
      },
      {
        "version": "2.2.11",
        "status": "affected"
      },
      {
        "version": "2.2.12",
        "status": "affected"
      },
      {
        "version": "2.2.13",
        "status": "affected"
      },
      {
        "version": "2.2.14",
        "status": "affected"
      },
      {
        "version": "2.2.15",
        "status": "affected"
      },
      {
        "version": "2.2.16",
        "status": "affected"
      },
      {
        "version": "2.2.17",
        "status": "affected"
      },
      {
        "version": "2.2.18",
        "status": "affected"
      },
      {
        "version": "2.2.19",
        "status": "affected"
      },
      {
        "version": "2.2.20",
        "status": "affected"
      },
      {
        "version": "2.2.21",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:cms_made_simple:cms_made_simple:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "User Management Module"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/feixuezhi/cms/wiki
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
Message	query param	admin/listusers.php	Cross-site scripting via Message parameter in admin/listusers.php (User Management Module) up to 2.2.21.	CWE-94, CWE-79

17 Jun 2026 10:56Current

4Medium risk

Vulners AI Score4

CVSS 3.12.4

CVSS 23.3

CVSS 44.8

CVSS 32.4

EPSS0.00206

SSVC