27 matches found
CVE-2024-34452
CMSimpleXH 1.7.6 allows XSS by uploading a crafted SVG document...
CMSimple_XH Code Execution Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...
CVE-2021-47736
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
CMSimple_XH Code Injection Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...
CMSimple_XH Cross-Site Scripting Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not sanitizing or encoding path segments under the control of an attacker, no details of the...
CMSimple_XH cross-site scripting vulnerability (CNVD-2026-02642)
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...
CVE-2025-63589
CMSimple_XH 1.8 is affected by a reflected XSS in the index.php router: attacker-controlled path segments are not sanitized/encoded before being inserted into generated HTML (navigation links, breadcrumbs, search form action, footer links), allowing arbitrary JavaScript in victims’ browsers via a...
CMSimple_XH Security Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not sanitizing or encoding path segments under the control of an attacker, no details of the...
EUVD-2021-29609
Malicious code in bioql PyPI...
CMSimple_XH cross-site scripting vulnerability (CNVD-2026-02655)
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...
CVE-2024-34452
CMSimple_XH 1.7.6 is affected by CVE-2024-34452, enabling cross-site scripting through uploading a crafted SVG document. Multiple sources describe the issue as a lack of proper filtering/escaping of user input in SVG uploads, leading to XSS in CMSimple_XH. The affected product is a PHP-based CMS....
CMSimple_XH Code Execution Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project as one of its offshoots. CMSimpleXH suffers from a code execution vulnerability that can be exploited by an attacker to upload a PHP payload using the File parameter to gain privileges from a...
CVE-2021-42645
CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...
Design/Logic Flaw
CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...