CVE-2021-47733

CMSimple 5.4 is affected by a cross-site scripting vulnerability that bypasses input filtering by HTML Unicode encoding. The vulnerability arises because the application does not effectively neutralize HTML Unicode encoding when processing user input, enabling an attacker to inject arbitrary Java...