https://pwnwiki.com/index.php?action=history&feed=atom&title=CMSimple_5.2_XSS%E6%BC%8F%E6%B4%9E
CMSimple 5.2 XSS漏洞 - Revision history
2026-04-07T20:34:52Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CMSimple_5.2_XSS%E6%BC%8F%E6%B4%9E&diff=1250&oldid=prev
Pwnwiki: Created page with "==INFO== # Exploit Title: CMSimple 5.2 - 'External' Stored XSS # Date: 2021/04/07 # Exploit Author: Quadron Research Lab # Version: CMSimple 5.2 # Tested on: Windows 10 x64 HU..."
2021-04-08T08:10:30Z
<p>Created page with "==INFO== # Exploit Title: CMSimple 5.2 - 'External' Stored XSS # Date: 2021/04/07 # Exploit Author: Quadron Research Lab # Version: CMSimple 5.2 # Tested on: Windows 10 x64 HU..."</p>
<p><b>New page</b></p><div>==INFO==<br />
# Exploit Title: CMSimple 5.2 - 'External' Stored XSS<br />
# Date: 2021/04/07<br />
# Exploit Author: Quadron Research Lab<br />
# Version: CMSimple 5.2<br />
# Tested on: Windows 10 x64 HUN/ENG Professional<br />
# Vendor: https://www.cmsimple.org/en/<br />
<br />
[Description]<br />
The CMSimple 5.2 allow stored XSS via the Settings > CMS > Filebrowser > "External:" input field.<br />
<br />
[Attack Vectors]<br />
The CMSimple cms "Filebrowser" "External:" input field not filter special chars. It is possible to place JavaScript code. <br />
The JavaScript code placed here is executed by clicking on the Page or Files tab.<br />
<br />
[Proof of Concept]<br />
https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf</div>
Pwnwiki