248 matches found

Nuclei
added 10 hours ago | 141 views

CMSimple 3.1 - Local File Inclusion

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled, which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...

CVSS 6.8 | AI score 6.3 | EPSS 0.18809
Exploits: 1 | References: 5

CNVD
added 2025/12/29 12:0 a.m. | 3 views

CMSimple File Inclusion Vulnerability

CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...

CVSS 8.6 | AI score 7.3 | EPSS 0.00712
Exploits: 1 | References: 1

CNVD
added 2025/12/29 12:0 a.m. | 4 views

CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

CVSS 6.1 | AI score 6.3 | EPSS 0.00235
Exploits: 1 | References: 1

CNVD
added 2025/12/29 12:0 a.m. | 2 views

CMSimple Cross-Site Scripting Vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...

CVSS 6.1 | AI score 6.4 | EPSS 0.00216
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/24 7:36 p.m. | 5 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | AI score 6 | EPSS 0.00235
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/24 7:36 p.m. | 2 views

CVE-2021-47733

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

CVSS 6.1 | AI score 6.4 | EPSS 0.00216
Exploits: 1 | References: 1

OSV
added 2025/12/23 8:15 p.m. | 2 views

CVE-2021-47735

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.6 | AI score 6.3 | EPSS 0.0076
Exploits: 1 | References: 3

OSV
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47734

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

CVSS 7.8 | AI score 6.1 | EPSS 0.00712
Exploits: 1 | References: 3

NVD
added 2025/12/23 8:15 p.m. | 7 views

CVE-2021-47735

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.8 | EPSS 0.0076
Exploits: 1 | References: 3

NVD
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47734

CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file...

CVSS 8.6 | EPSS 0.00712
Exploits: 1 | References: 3

NVD
added 2025/12/23 8:15 p.m. | 4 views

CVE-2021-47736

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVSS 8.6 | EPSS 0.00926
Exploits: 1 | References: 3

OSV
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47733

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

CVSS 5.1 | AI score 5.9 | EPSS 0.00216
Exploits: 1 | References: 3

OSV
added 2025/12/23 8:15 p.m. | 1 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 3

NVD
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | EPSS 0.00235
Exploits: 1 | References: 3

Cvelist
added 2025/12/23 7:35 p.m. | 22 views

CVE-2021-47733 CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

CVSS 6.1 | EPSS 0.00216
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/23 7:35 p.m. | 3 views

CVE-2021-47733 CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

CVSS 6.1 | AI score 6 | EPSS 0.00216
Exploits: 1 | References: 3

CVE
added 2025/12/23 7:35 p.m. | 11 views

CVE-2021-47733

CMSimple 5.4 is affected by a cross-site scripting vulnerability that bypasses input filtering by HTML Unicode encoding. The vulnerability arises because the application does not effectively neutralize HTML Unicode encoding when processing user input, enabling an attacker to inject arbitrary Java...

CVSS 6.1 | AI score 6 | EPSS 0.00216
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/12/23 7:34 p.m. | 15 views

CVE-2021-47736

CMSimple_XH 1.7.4 is affected by an authenticated remote code execution in the content editing functionality. The root cause is insufficient input validation/filtering during processing of user-submitted data, allowing authenticated administrators to upload PHP files (via the CSRF mechanism) and ...

CVSS 8.6 | AI score 8 | EPSS 0.00926
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/23 7:34 p.m. | 22 views

CVE-2021-47735 CMSimple 5.4 Authenticated Remote Code Execution via Template Editing

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.8 | EPSS 0.0076
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/23 7:34 p.m. | 3 views

CVE-2021-47735 CMSimple 5.4 Authenticated Remote Code Execution via Template Editing

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing...

CVSS 8.8 | AI score 7.7 | EPSS 0.0076
Exploits: 1 | References: 3