CVE-2021-47917
Unknown Unknown - Not Provided
Persistent XSS in Simple CMS 2.1 User Modules Enables Hijacking

Publication date: 2026-02-01

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-01
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-01
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47917
EUVD
EUVD-2021-34754
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
simplephpscripts simple_cms_php 2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47917 is a persistent cross-site scripting (XSS) vulnerability in Simple CMS version 2.1. It allows remote attackers with authenticated admin or root privileges to inject malicious scripts into user input parameters such as name, username, and password within the newUser and editUser modules. These scripts persistently execute when viewing the user list preview in the admin panel, potentially leading to session hijacking, phishing, unauthorized redirects, and manipulation of application modules. [1, 3]

Impact Analysis

This vulnerability can impact you by allowing attackers to hijack user sessions, manipulate the application, perform phishing attacks, and redirect users to malicious websites. Since the malicious scripts persist in the application, they can continuously affect users who view the user list preview, compromising session integrity and overall application security. [1, 3]

Detection Guidance

This vulnerability can be detected by testing the newUser and editUser modules of Simple CMS 2.1 for persistent cross-site scripting (XSS) by injecting script payloads into user input parameters such as `name`, `username`, and `password` via POST requests to `admin.php?act=users`. You can use tools like curl or Burp Suite to send crafted POST requests with script tags in these parameters and then check if the scripts execute when viewing the users list preview. For example, a curl command to test injection might be: curl -X POST -d "name=<script>alert(1)</script>&username=test&password=test" https://your-simplecms-site/admin.php?act=users After injection, visit the user list page to see if the script executes, indicating the vulnerability. Automated scanners that detect persistent XSS in web applications can also be used. [1, 3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the admin panel to trusted users only, ensuring only authenticated users with proper privileges can access the newUser and editUser modules. Additionally, apply input validation and sanitization on user input parameters (`name`, `username`, `password`) to neutralize any script tags or malicious code before storing or rendering. If a patch or updated version of Simple CMS is available (such as version 2.4), upgrade to that version to fix the vulnerability. As a temporary measure, monitor and audit user management activities for suspicious inputs and consider disabling the affected modules if possible until a fix is applied. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47917. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart