CVE-2021-47919
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
01/02/2026
Last modified:
01/02/2026
Description
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
6.40
Severity 3.x
MEDIUM