CVE-2023-53927

MEDIUM

PHPJabbers Simple CMS 5.0 - Authenticated Stored Cross-Site Scripting via Section Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53927. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in PHPJabbers Simple CMS V5.0. The payload is injected via the 'Section' field, which is then rendered in the application, triggering the XSS.

Description

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · text · webapps · php
https://www.exploit-db.com/exploits/51415

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPJabbers Simple CMS V5.0
Auth required
Prerequisites: Valid credentials to access the admin panel
devstral-2 · analyzed Feb 16, 2026

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51415
Product product
https://www.phpjabbers.com/

Scores

CVSS v3 5.4
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (2)
PHPJabbers/Simple CMS 5.0
phpjabbers/simple_cms 5.0
Published Dec 17, 2025
Tracked Since Feb 18, 2026