CVE-2026-6184

LOW

code-projects Simple Content Management System welcome.php cross site scripting

Title source: cna

Description

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Exploits (1)

nomisec WRITEUP

by Xmyronn · poc

https://github.com/Xmyronn/CVE-2026-6184-stored-XSS

View Code ZIP pw:eip

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/357107

[Signature, Permissions Required] https://vuldb.com/vuln/357107/cti

[Third Party Advisory] https://vuldb.com/submit/797265

[Exploit] https://github.com/Xmyronn/simple-cms-stored-xss-news-title

[Product] https://code-projects.org/

Scores

CVSS v3 2.4

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

code-projects/Simple Content Management System 1.0

Published Apr 13, 2026

Tracked Since Apr 13, 2026