CVE-2025-63588

Name of the Vulnerable Software and Affected Versions CMSimpleXH (affected versions not specified)

Description An unauthenticated reflected cross-site scripting issue exists in the query handling process. This allows remote attackers to inject and execute arbitrary JavaScript in a victim’s browser through a crafted request, such as a malicious POST login attempt. Successful exploitation could result in the theft of session cookies or credential disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.