CVE-2021-47919
Unknown Unknown - Not Provided
Non-Persistent XSS in Simple CMS preview.php Enables Session Hijack

Publication date: 2026-02-01

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-01
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-01
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47919
EUVD
EUVD-2021-34752
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
simplephpscripts simple_cms_php 2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47919 is a non-persistent cross-site scripting (XSS) vulnerability in Simple CMS version 2.1. It exists in the preview.php file's 'id' parameter, which does not properly neutralize input. Attackers can send a crafted GET request injecting malicious script code into this parameter. This causes the malicious script to execute in the victim's browser context, without requiring authentication or significant user interaction. The vulnerability affects the preview module's exception-handling output, enabling client-side script execution that can lead to session hijacking, phishing, external redirects, or manipulation of application modules. [1, 2]

Impact Analysis

Exploitation of this vulnerability can allow attackers to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking, phishing attacks, redirection to malicious sites, and manipulation of application modules. This can compromise user sessions and trust, resulting in unauthorized access or data theft. [1, 2]

Detection Guidance

This vulnerability can be detected by sending crafted HTTP GET requests to the preview.php file with malicious payloads injected into the 'id' parameter and observing if the response executes or reflects the injected script. For example, you can use curl to test the vulnerability with a payload like: curl -v 'http://targetsite/preview.php?id=-1%3E%22%3Ciframe%20src=evil.source%20onload=alert(document.cookie)%3E'. If the response includes the injected script or triggers an alert, the system is vulnerable. [1]

Mitigation Strategies

Immediate mitigation steps include applying the vendor's patch released by October 2, 2021, which fixes the input validation in the preview.php file's 'id' parameter. Until the patch is applied, you can implement input validation or filtering on the 'id' parameter to neutralize script code, restrict access to the preview.php file, and monitor for suspicious GET requests targeting this parameter to prevent exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart