CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2024-32392

Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component...

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVE-2024-57548

CMSimple 5.16 allows the user to edit log.php file via print page...

PT-2025-3468 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to insecure permissions in the file download functionality of the backup system, allowing a remote attacker to obtain sensitive information. This can be achieved through a crafted script...