Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Apr 7, 2026
CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding
CVE-2021-47733
Description
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50612mitreexploit
- www.vulncheck.com/advisories/cmsimple-cross-site-scripting-via-html-unicode-encodingmitrethird-party-advisory
- www.cmsimple.org/en/mitreproduct
News mentions
0No linked articles in our index yet.