CVE-2021-47917
Persistent XSS in Simple CMS 2.1 User Modules Enables Hijacking
Publication date: 2026-02-01
Last updated on: 2026-02-11
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simplephpscripts | simple_cms_php | 2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47917 is a persistent cross-site scripting (XSS) vulnerability in Simple CMS version 2.1. It allows remote attackers with authenticated admin or root privileges to inject malicious scripts into user input parameters such as name, username, and password within the newUser and editUser modules. These scripts persistently execute when viewing the user list preview in the admin panel, potentially leading to session hijacking, phishing, unauthorized redirects, and manipulation of application modules. [1, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to hijack user sessions, manipulate the application, perform phishing attacks, and redirect users to malicious websites. Since the malicious scripts persist in the application, they can continuously affect users who view the user list preview, compromising session integrity and overall application security. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the newUser and editUser modules of Simple CMS 2.1 for persistent cross-site scripting (XSS) by injecting script payloads into user input parameters such as `name`, `username`, and `password` via POST requests to `admin.php?act=users`. You can use tools like curl or Burp Suite to send crafted POST requests with script tags in these parameters and then check if the scripts execute when viewing the users list preview. For example, a curl command to test injection might be:

```sh
curl -X POST -d "name=<script>alert(1)</script>&username=test&password=test" "https://your-simplecms-site/admin.php?act=users"
```

After injection, visit the user list page to see if the script executes, indicating the vulnerability. Automated scanners that detect persistent XSS in web applications can also be used. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the admin panel to trusted users only, ensuring only authenticated users with proper privileges can access the newUser and editUser modules. Additionally, apply input validation and sanitization on user input parameters (`name`, `username`, `password`) to neutralize any script tags or malicious code before storing or rendering. If a patch or updated version of Simple CMS is available (such as version 2.4), upgrade to that version to fix the vulnerability. As a temporary measure, monitor and audit user management activities for suspicious inputs and consider disabling the affected modules if possible until a fix is applied. [1, 3]
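One way to apply the input validation and output neutralization described above, shown as an added example and not Simple CMS's own code. The function names, the row layout and the sample records are assumptions made for illustration.

```php
<?php
// Added illustration; helper names and the row layout are hypothetical,
// not taken from the Simple CMS source.

/** Encode a stored value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Weak pattern: stored fields are concatenated into markup unchanged. */
function renderRowUnsafe(array $u): string
{
    return '<tr><td>' . $u['name'] . '</td><td>' . $u['username'] . '</td></tr>';
}

/** Hardened pattern: every stored field is encoded at output time. */
function renderRowSafe(array $u): string
{
    return '<tr><td>' . e($u['name']) . '</td><td>' . e($u['username']) . '</td></tr>';
}

/** Input-side check for newUser/editUser: returns the rejected field names. */
function validateUser(array $in): array
{
    $errors = [];
    // Allow-list for login names: letters, digits, dot, dash, underscore.
    if (!preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', (string)($in['username'] ?? ''))) {
        $errors[] = 'username';
    }
    // Display names stay free-form (encoding handles markup); cap the length.
    $name = trim((string)($in['name'] ?? ''));
    if ($name === '' || strlen($name) > 64) {
        $errors[] = 'name';
    }
    return $errors;
}

// Constructed sample rows standing in for stored user records.
$users = [
    ['name' => 'Alice Admin', 'username' => 'alice'],
    ['name' => '<b>bold</b> & "quoted"', 'username' => 'bob<i>'],
];

foreach ($users as $u) {
    echo renderRowSafe($u), "\n";      // markup characters arrive as entities
    echo implode(',', validateUser($u)) ?: 'ok', "\n";
}
```

The `password` parameter should never be rendered in the user list at all: store only a `password_hash()` digest and do not echo the submitted value back into any page.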