Unrated severityNVD Advisory· Published Feb 1, 2026· Updated Mar 5, 2026

Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

CVE-2021-47917

Description

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.

Affected products

Simple Cms/Simple CMSllm-fuzzy
Range: = 2.1
Simplephpscripts/Simple CMSv5
Range: 2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulnerability-lab.com/get_content.phpmitreexploit
www.vulncheck.com/advisories/simple-cms-persistent-cross-site-scripting-via-user-input-parametersmitrethird-party-advisory
simplephpscripts.com/simple-cms-phpmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000