CVE-2026-6184

LOW

code-projects Simple Content Management System welcome.php cross site scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6184. PoCs published by Xmyronn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of a stored XSS vulnerability in Simple Content Management System PHP, including affected files, parameters, and step-by-step PoC instructions. It lacks actual exploit code but includes screenshots and specific technical details.

Description

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Exploits (1)

nomisec WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-6184-stored-XSS


Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Simple Content Management System PHP 1.0
Auth required
Prerequisites: Admin access to the target system
devstral-2 · analyzed Apr 13, 2026

References (5)

Core References
[vdb-entry, technical-description] VDB-357107 | code-projects Simple Content Management System welcome.php cross site scripting
https://vuldb.com/vuln/357107
[signature, permissions-required] VDB-357107 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/357107/cti
[third-party-advisory] Submit #797265 | code-projects.org Simple Content Management System in php 1.0 Cross Site Scripting
https://vuldb.com/submit/797265
[product] https://code-projects.org/

Scores

CVSS v3 2.4
EPSS 0.0030
EPSS Percentile 21.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79, CWE-94
Status published
Products (1)
code-projects/Simple Content Management System 1.0
Published Apr 13, 2026
Tracked Since Apr 13, 2026