GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
References
| Link | Resource |
|---|---|
| http://get-simple.info | Product |
| https://github.com/GetSimpleCMS/GetSimpleCMS | Product |
| https://github.com/boku7/gsCMS-CustomJS-Csrf2Xss2Rce | Exploit Third Party Advisory |
| https://www.exploit-db.com/exploits/49712 | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/49816 | Exploit Third Party Advisory VDB Entry |
| https://www.vulncheck.com/advisories/getsimple-cms-custom-js-csrf-to-xss-to-rce | Third Party Advisory |
Configurations
History
06 Mar 2026, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://get-simple.info - Product | |
| References | () https://github.com/GetSimpleCMS/GetSimpleCMS - Product | |
| References | () https://github.com/boku7/gsCMS-CustomJS-Csrf2Xss2Rce - Exploit, Third Party Advisory | |
| References | () https://www.exploit-db.com/exploits/49712 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://www.exploit-db.com/exploits/49816 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://www.vulncheck.com/advisories/getsimple-cms-custom-js-csrf-to-xss-to-rce - Third Party Advisory | |
| CPE | cpe:2.3:a:get-simple:getsimplecms:0.1:*:*:*:*:*:*:* | |
| First Time |
Get-simple
Get-simple getsimplecms |
21 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-21 18:16
Updated : 2026-03-06 20:10
NVD link : CVE-2021-47860
Mitre link : CVE-2021-47860
CVE.ORG link : CVE-2021-47860
JSON object : View
Products Affected
get-simple
- getsimplecms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)