Cmsimple Xh
by Cmsimple Xh
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42645 | 0.01 | — | 0.04 | May 10, 2022 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host. | |||
| CVE-2021-47736 | 0.00 | — | 0.01 | Dec 23, 2025 | CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file… | |||
| CVE-2025-63589 | 0.00 | — | 0.00 | Nov 6, 2025 | A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled… | |||
| CVE-2024-34452 | 0.00 | — | 0.01 | Jun 21, 2024 | CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. |
- CVE-2021-42645May 10, 2022risk 0.01cvss —epss 0.04
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
- CVE-2021-47736Dec 23, 2025risk 0.00cvss —epss 0.01
CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file…
- CVE-2025-63589Nov 6, 2025risk 0.00cvss —epss 0.00
A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled…
- CVE-2024-34452Jun 21, 2024risk 0.00cvss —epss 0.01
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.