CVE-2021-47732
MEDIUMCMSimple 5.2 - Stored Cross-Site Scripting in Filebrowser External Input
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-47732. PoCs published by Quadron Research Lab.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in CMSimple 5.2 via the 'External:' input field in the Filebrowser settings. The vulnerability allows execution of arbitrary JavaScript when clicking on the Page or Files tab.
Description
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection.
Exploits (1)
This is a writeup describing a stored XSS vulnerability in CMSimple 5.2 via the 'External:' input field in the Filebrowser settings. The vulnerability allows execution of arbitrary JavaScript when clicking on the Page or Files tab.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N