PT-2026-25635 · Undefined · Undefined

Feioklucy

Published

2026-03-16

Updated

2026-03-16

CVE-2026-4225

CVSS v2.0

3.3

Low

Vector

AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions up to 2.2.21

Description A security issue exists in CMS Made Simple that allows for cross site scripting. The issue is located in the User Management Module, specifically within the admin/listusers.php file. Manipulation of the Message argument can trigger the flaw, and the attack can be carried out remotely. The exploit for this issue has been publicly released.

Recommendations Versions prior to 2.2.21 should be updated.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-4225

Affected Products

Undefined

PT-2026-25635 · Undefined · Undefined

CVE-2026-4225

Weakness Enumeration

Related Identifiers

Affected Products

References · 8