PT-2026-5562 · Unknown · Simple-Cms
Published 2026-02-01 · Updated 2026-02-01 · CVE-2021-47917
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Simple CMS version 2.1
Description
Simple CMS version 2.1 contains a persistent cross-site scripting issue in user input parameters. Remote attackers can inject malicious script code through the newUser and editUser modules. Successful exploitation allows the injection of persistent scripts that execute on the user list preview, potentially leading to session hijacking and application manipulation.
Recommendations
Update Simple CMS to a newer version that addresses this issue. As a temporary workaround, consider restricting or disabling the newUser and editUser modules until a patch is available.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Simple-Cms