Cmsimple-xh Cmsimple Xh — known CVE vulnerabilities
Every CVE whose affected-product data names Cmsimple-xh Cmsimple Xh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-42645 — CVSS 10.0 (critical): CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the…
CVE-2021-47736 — CVSS 7.2 (high): CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows…
CVE-2025-63588 — CVSS 7.1 (high): An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and…
CVE-2025-63589 — CVSS 7.1 (high): A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or…