Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.6 views

CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/21 5:32 p.m.3 views

CVE-2021-47870 GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

4.8CVSS5.8AI score0.00229EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/21 5:32 p.m.20 views

CVE-2021-47870 GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

4.8CVSS0.00229EPSS
Exploits1References5
CVE
CVE
added 2026/01/21 5:32 p.m.13 views

CVE-2021-47870

CVE-2021-47870 affects GetSimple CMS with the plugin “My SMTP Contact Plugin” v1.1.2. The stored XSS arises because input is sanitized with htmlspecialchars() but can be bypassed by escaped hex bytes, enabling arbitrary client-side code execution in an administrator’s browser when visiting a craf...

5.4CVSS5.8AI score0.00229EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder