CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
http://get-simple.info	Product
https://github.com/GetSimpleCMS/GetSimpleCMS	Product
https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/49798	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-stored-xss	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:get-simple:getsimplecms:1.1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-21 18:16

Updated : 2026-03-06 20:10

NVD link : CVE-2021-47870

Mitre link : CVE-2021-47870

CVE.ORG link : CVE-2021-47870

JSON object : View

Products Affected

get-simple

getsimplecms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-47870", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-21T18:16:19.423", "references": [{"url": "http://get-simple.info", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/GetSimpleCMS/GetSimpleCMS", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49798", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-stored-xss", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page."}, {"lang": "es", "value": "GetSimple CMS My SMTP Contact Plugin 1.1.2 sufre de una vulnerabilidad de Cross-Site Scripting Almacenado (XSS). El plugin intenta sanear la entrada del usuario usando htmlspecialchars(), pero esto puede ser eludido al pasar caracteres peligrosos como bytes hexadecimales escapados. Esto permite a los atacantes inyectar c\u00f3digo arbitrario del lado del cliente que se ejecuta en el navegador del administrador al visitar una p\u00e1gina maliciosa."}], "lastModified": "2026-03-06T20:10:06.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:get-simple:getsimplecms:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFAD6649-3FFE-4EBC-9AB6-89BCB1A586A0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}