Cmsimple-xh Cmsimple_xh
5 CVEs affecting Cmsimple-xh Cmsimple_xh. Latest disclosed: 2025-12-23. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-42645 | Critical | 10.0 | 2022-05-10 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to uploa… |
CVE-2021-47736 | High | 7.2 | 2025-12-23 | CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload… |
CVE-2025-63589 | High | 7.1 | 2025-11-06 | A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being ins… |
CVE-2025-63588 | High | 7.1 | 2025-11-06 | An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary Jav… |
CVE-2024-34452 | Medium | 6.1 | 2024-06-21 | CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. |