PT-2025-52833 · Cmsimple · Cmsimple

Heinjame · Published 2025-12-23 · Updated 2025-12-23 · CVE-2021-47733

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CMSimple version 5.4

Description

The software contains a cross-site scripting issue that allows attackers to bypass input filtering. This is achieved by using HTML to Unicode encoding, enabling the injection of malicious scripts. Attackers can inject payloads, such as ')-alert(1)//', to execute arbitrary JavaScript when victims interact with delete buttons.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
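
The following is an added example, not CMSimple code and not part of the original advisory: it models why a filter that only looks for literal quotes misses an entity-encoded quote inside a delete button's event handler, and shows context-aware escaping that keeps the value as data. The `confirm('Delete ...')` handler template, `naiveFilter`, and the `&#39;` form of the page's payload are assumptions made for illustration.

```javascript
// Added example. The handler template and the filter are hypothetical stand-ins,
// not CMSimple source code.
const PAYLOAD = "&#39;)-alert(1)//"; // page's payload, quote entity-encoded (constructed)

// Hypothetical input filter: strips literal quotes and angle brackets only.
function naiveFilter(s) {
  return s.replace(/['"<>]/g, "");
}

// Models the browser: character references in an attribute value are decoded
// before the event handler text is compiled as JavaScript.
const NAMED = { quot: '"', apos: "'", amp: "&", lt: "<", gt: ">" };
function decodeEntities(s) {
  return s.replace(/&(?:#[xX]([0-9a-fA-F]+)|#(\d+)|(quot|apos|amp|lt|gt));/g,
    (m, hex, dec, name) => name ? NAMED[name]
      : String.fromCodePoint(parseInt(hex || dec, hex ? 16 : 10)));
}

// Weak: filtered input is concatenated into a JS string inside onclick.
function weakHandler(itemName) {
  return "return confirm('Delete " + naiveFilter(itemName) + "?')";
}

// Hardened: every non-alphanumeric UTF-16 unit becomes \uXXXX, which is inert
// in both the HTML attribute context and the JS string context.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}
function hardenedHandler(itemName) {
  return "return confirm('Delete " + jsStringEscape(itemName) + "?')";
}

// Decode the attribute, compile it as the handler body, run it with stubs,
// and report which functions were called with which arguments.
function runHandler(attrValue) {
  const calls = [];
  const stub = name => (...args) => { calls.push(name + ":" + args.join(",")); return 0; };
  new Function("confirm", "alert", decodeEntities(attrValue))(stub("confirm"), stub("alert"));
  return calls;
}

console.log(runHandler(weakHandler(PAYLOAD)));     // stubbed alert is reached
console.log(runHandler(hardenedHandler(PAYLOAD))); // only confirm, payload is plain text
```

The same rule applies to any value placed inside an inline event handler: escape for the JavaScript string first, then for the HTML attribute, or avoid inline handlers and read the value from a `data-` attribute instead.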

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-47733

Affected Products

Cmsimple