CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...