Simple cms
This hub aggregates every CVE we track for Simple cms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
3
0
0
0
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Simple cms.
- CVE-2021-47917Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters6.4
- CVE-2021-47918Simple CMS 2.1 SQL Injection Vulnerability via Users Module8.1
- CVE-2021-47919Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter6.4
- CVE-2023-53927PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation5.4
- CVE-2023-53926PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter9.8
- CVE-2018-15564An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.8.8
- CVE-2018-15565An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.8.8
- CVE-2008-0835SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.7.5
Product normalization is registry-driven with AI assist and human review. How it works