Cmsimple-xh Cmsimple_xh

5 CVEs affecting Cmsimple-xh Cmsimple_xh. Latest disclosed: 2025-12-23. Critical: 1, High: 3.

Top CVEs affecting Cmsimple-xh Cmsimple_xh
CVESeverityScorePublishedSummary
CVE-2021-42645Critical10.02022-05-10CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to uploa…
CVE-2021-47736High7.22025-12-23CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload…
CVE-2025-63589High7.12025-11-06A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being ins…
CVE-2025-63588High7.12025-11-06An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary Jav…
CVE-2024-34452Medium6.12024-06-21CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.