CVE-2025-63588

Published: Nov 6, 2025

Modified: Nov 6, 2025

PUBLISHED

Description

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login). Successful exploitation may lead to theft of session cookies, credential disclosure, or other client-side impacts.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://helloandrewpaul.medium.com/reflected-xss-in-login-form-email-password-fields-vvveb-cms-v1-0-7-2-18800186804d

https://github.com/cybercrewinc/CVE-2025-63588

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63588

Description

Affected Products

References