CVE-2026-38931
Stored XSS in SimplePHP Admin Panel via Admin Config Module
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creatorsofcode | simplephp | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of simplephp allows attackers to execute malicious scripts in users' browsers, potentially leading to theft of cookies, sensitive data, or hijacking of administrator accounts.
Such unauthorized access and data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and breaches.
Therefore, exploitation of this vulnerability may result in violations of data protection requirements mandated by these regulations.
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue found in the /admin/config-module.php component of the creatorsofcode simplephp application. It occurs when an attacker injects a crafted payload that gets stored and later executed in the context of the application, potentially affecting users who access the vulnerable component.
How can this vulnerability impact me?:
The stored XSS vulnerability can allow attackers to execute malicious scripts in the browsers of users who visit the affected component. This can lead to unauthorized actions such as stealing session cookies, defacing web content, or performing actions on behalf of the user without their consent.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by logging into the admin backend of the simplephp application, navigating to the "Analytics Tracker" module, and checking the "Custom Head Tracking Code" field for any injected scripts or suspicious payloads such as <script>alert(666666)</script>.
A practical detection method involves injecting a harmless XSS payload into the module's configuration and then visiting the homepage to see if the script executes, confirming the presence of the vulnerability.
There are no specific network commands provided, but manual inspection of the admin panel configuration fields for injected scripts is recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable "Analytics Tracker" module's "Custom Head Tracking Code" field until a patch is applied.
Administrators should sanitize or remove any suspicious scripts from the module's configuration to prevent stored XSS payloads from executing.
Additionally, restricting access to the admin backend to trusted users and monitoring for unusual activity can help reduce the risk of exploitation.
Applying any available updates or patches from the software maintainers as soon as they are released is also critical.