CVE-2021-47732
Stored XSS in CMSimple 5.2 Filebrowser Enables Persistent Script Injection
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cmsimple | cmsimple | 5.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47732 is a stored cross-site scripting (XSS) vulnerability in CMSimple version 5.2. It occurs in the Filebrowser External input field, which does not properly filter or sanitize special characters. This allows attackers to inject malicious JavaScript code that is stored persistently and executes when users click on the Page or Files tabs within the CMS interface. This persistent script injection can lead to client-side attacks such as session hijacking or defacement. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious JavaScript code in the context of your CMS users. This can lead to session hijacking, defacement of the website, or other client-side attacks that compromise user data or the integrity of the CMS interface. Since the script is stored persistently, the attack can affect multiple users over time. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious or suspicious JavaScript code injected into the 'External:' input field under Settings > CMS > Filebrowser in CMSimple 5.2. You can manually inspect this input field for unusual scripts. Additionally, monitoring HTTP requests and responses for suspicious payloads targeting this input field may help detect exploitation attempts. Since the vulnerability triggers when users click on the Page or Files tabs, testing these interactions with payloads containing script tags can confirm the presence of the vulnerability. Specific commands are not provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable 'External:' input field in the Filebrowser until a patch or update is available. Restrict user permissions to limit who can access and modify this input field. Implement web application firewall (WAF) rules to detect and block malicious JavaScript payloads targeting this input. Educate users to avoid clicking on the Page or Files tabs if suspicious activity is suspected. Monitor logs for unusual activity related to this vulnerability. Applying official patches or updates from CMSimple when available is recommended. [1, 2]