CNNVD-202511-527 Information

CNNVD ID

CNNVD-202511-527

Related CVE

CVE-2025-63588

• CNNVD Published: 2025-11-06

Description (Chinese)

CMSimple_XH是CMSimple_XH开源的一个快速、小型、易于使用且易于安装的模块化内容管理系统（CMS）。 CMSimple_XH存在安全漏洞，该漏洞源于查询处理中存在未经验证的反射型跨站脚本，可能导致会话cookie窃取、凭据泄露或其他客户端影响。

Description (English)

CMSimple XH is a fast, small, user-friendly and easy to install modular content management system (CMS) for CMSimple XH open source. CMSimple XH has a security loophole, which stems from the existence of unverified reflector-type cross-site scripts in the query processing, which may result in session cookies stealing, leaking evidence or other client influence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CMSimple_XH

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/cybercrewinc/CVE-2025-63588 https://helloandrewpaul.medium.com/reflected-xss-in-login-form-email-password-fields-vvveb-cms-v1-0-7-2-18800186804d