CVE-2021-47732 MEDIUM

CVE-2021-47732: CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

Vendor Cmsimple
Product CMSimple
Weakness CWE-79 · XSS
Published December 23, 2025
Last update April 7, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection.

Key dates

02Disclosure timeline

December 23, 2025 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE