CVE-2021-47917

6.4 MEDIUM

📋 TL;DR

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious scripts. Attackers can exploit the newUser and editUser modules to inject scripts that execute when users view the user list, potentially leading to session hijacking and application manipulation. All users of Simple CMS 2.1 are affected.

💻 Affected Systems

Products:
  • Simple CMS
Versions: 2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of Simple CMS 2.1. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack administrator sessions, gain full control of the CMS, steal sensitive data, deface websites, or install backdoors for persistent access.

🟠 Likely Case

Attackers inject malicious scripts that steal user session cookies, redirect users to phishing sites, or perform actions on behalf of authenticated users.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be neutralized before execution, preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the newUser or editUser modules. The vulnerability is well-documented with public proof-of-concept examples.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check if Simple CMS 2.1 is installed.
2. Upgrade to a newer version if available.
3. If no newer version exists, implement input validation and output encoding in the affected modules.

🔧 Temporary Workarounds

Implement Input Validation (all)

Add server-side validation to sanitize user input in the newUser and editUser modules.

Edit the PHP files for the newUser and editUser modules to include input sanitization functions such as htmlspecialchars() or filter_var().

Implement Output Encoding (all)

Encode user-controlled data before displaying it in the user list preview.

Modify the user list display code to use htmlspecialchars() or a similar function when outputting user data.
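The two workarounds above, as one added example that is not Simple CMS code: a server-side validation routine for the newUser/editUser submission, and the vulnerable user-list row beside its output-encoded form. The record fields, function names and the sample payload are assumptions for illustration.

```php
<?php
// Added example, not Simple CMS code. The user record shape, the field
// names and the render functions below are assumptions for illustration.

// Encode a string for safe inclusion in HTML text or a quoted attribute.
// ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string and silently losing data.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Server-side validation for the newUser/editUser submission: reject
// anything that is not a plausible username or email before it is stored.
// Returns an array of error messages; empty means the input is acceptable.
function validateUserInput(array $input): array
{
    $errors = [];
    $username = trim((string) ($input['username'] ?? ''));
    $email    = trim((string) ($input['email'] ?? ''));
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)) {
        $errors[] = 'username must be 3-32 characters: letters, digits, _ . -';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Vulnerable pattern: the stored value is echoed into the user list as-is,
// so a script tag saved through newUser/editUser reaches every viewer.
function renderUserRowVulnerable(array $user): string
{
    return '<tr><td>' . $user['username'] . '</td><td>' . $user['email'] . '</td></tr>';
}

// Hardened pattern: encode at output time, whatever validation ran on save.
function renderUserRowSafe(array $user): string
{
    return '<tr><td>' . h($user['username']) . '</td><td>' . h($user['email']) . '</td></tr>';
}

// Constructed sample record standing in for a stored payload.
$user = ['username' => "<script>alert('XSS')</script>", 'email' => 'a@example.com'];
print_r(validateUserInput($user));         // username rejected on save
echo renderUserRowVulnerable($user), "\n"; // markup passes through unchanged
echo renderUserRowSafe($user), "\n";       // angle brackets and quotes entity-encoded
```

Output encoding is the control that actually neutralizes a payload already stored in the database; validation on save only limits what gets stored from then on.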

🧯 If You Can't Patch

  • Restrict access to the newUser and editUser modules to trusted administrators only.
  • Implement a web application firewall (WAF) with XSS protection rules to block malicious payloads.

🔍 How to Verify

Check if Vulnerable:

Test by injecting a simple XSS payload (e.g., <script>alert('XSS')</script>) into user input fields in the newUser or editUser modules and check if it executes when viewing the user list.

Check Version:

Check the CMS version in the admin panel or look for version information in the source code files.

Verify Fix Applied:

After applying fixes, repeat the XSS payload injection test to confirm the script does not execute and is properly encoded in the output.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user input containing script tags or JavaScript code in newUser/editUser requests
  • Multiple failed login attempts followed by successful access to user management modules

Network Indicators:

  • HTTP requests with suspicious parameters containing script tags or encoded payloads
  • Unexpected outbound connections from the CMS server after user list views

SIEM Query:

source="web_server_logs" AND (uri="/newUser" OR uri="/editUser") AND (param="*<script>*" OR param="*javascript:*")
