2025-12-23 19:35:44
VulnCheck
PUBLISHED
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like )-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.