CVE-2023-53927
PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution.
| CWE | CWE-79 |
| Vendor | phpjabbers |
| Product | simple cms |
| Published | Dec 17, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for phpjabbers simple cms
Be the first to know when new medium vulnerabilities affecting phpjabbers simple cms are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
PHPJabbers / Simple CMS
5.0
References
Credits
Ahmet Γmit BAYRAM