CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

Description

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.

INFO

Published Date :

2026-01-21T17:32:09.385Z

Last Modified :

2026-04-07T14:06:23.031Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2021-47870 vulnerability.

Vendors	Products
Get-simple	Getsimplecms
Getsimple-ce	Getsimple Cms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-47870.

URL	Resource
http://get-simple.info
https://github.com/GetSimpleCMS/GetSimpleCMS
https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/
https://www.exploit-db.com/exploits/49798
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-stored-xss

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact