Description

A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled string placed in the URL path is reflected into multiple HTML elements, allowing execution of arbitrary JavaScript in victims' browsers visiting a crafted URL.

INFO

Published Date :

2025-11-06T00:00:00.000Z

Last Modified :

2025-11-06T19:12:48.998Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63589 vulnerability.

Vendors Products
Cmsimple-xh
  • Cmsimple Xh
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63589.

URL Resource
https://github.com/cmsimple-xh/cmsimple-xh/blob/master/index.php cve-icon cve-icon
https://github.com/cybercrewinc/CVE-2025-63589 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact