← volver
CVE-2021-47860

GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

CVSS 8.5 HIGHEPSS 0.2%CWE-352
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N