VYPR

Cmsimple Xh

by Cmsimple Xh

Source repositories

CVEs (4)

  • CVE-2021-42645May 10, 2022
    risk 0.01cvss epss 0.04

    CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

  • CVE-2021-47736Dec 23, 2025
    risk 0.00cvss epss 0.01

    CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file…

  • CVE-2025-63589Nov 6, 2025
    risk 0.00cvss epss 0.00

    A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled…

  • CVE-2024-34452Jun 21, 2024
    risk 0.00cvss epss 0.01

    CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.