CVE-2025-63588

Vulnerability Description

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login). Successful exploitation may lead to theft of session cookies, credential disclosure, or other client-side impacts.

Vulnerability Details

Published Date

November 06, 2025

Last Modified

November 10, 2025

Source

NVD

CVE-2025-63588

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment