Browse all 5 CVE security advisories affecting CMSimple. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CMSimple is a lightweight content management system designed for straightforward website creation and maintenance without a database. Historically, it has been susceptible to multiple cross-site scripting (XSS) vulnerabilities, remote code execution (RCE) flaws, and privilege escalation issues, primarily stemming from insufficient input validation and improper access controls. Its minimal architecture gives it a smaller attack surface than more complex CMS platforms, though its age and infrequent updates contribute to persistent security challenges. While no major public security incidents have been widely documented, the five recorded CVEs highlight ongoing risks for users who do not apply patches promptly and harden their installations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47733 | CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding — CMSimple, CWE-79 | 6.1 | Medium | 2025-12-23 |
| CVE-2021-47734 | CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution — CMSimple, CWE-98 | 7.8 | High | 2025-12-23 |
| CVE-2021-47735 | CMSimple 5.4 Authenticated Remote Code Execution via Template Editing — Cmsimple, CWE-94 | 8.8 | High | 2025-12-23 |
| CVE-2021-47732 | CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input — CMSimple, CWE-79 | 6.1 | Medium | 2025-12-23 |
| CVE-2024-58280 | CMSimple 5.15 Remote Command Execution via Extensions Configuration — CMSimple, CWE-403 | 8.8 (AI) | High (AI) | 2025-12-10 |
This page lists every published CVE security advisory associated with CMSimple. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.