Platform
php
Component
code-projects-simple-content-management-system
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been discovered in Simple Content Management System versions 1.0.0 through 1.0. This flaw resides within the /web/admin/welcome.php file, specifically concerning the handling of the 'News Title' argument. Successful exploitation allows an attacker to inject malicious scripts, potentially impacting administrative users. A patch is expected to resolve this issue.
The primary impact of CVE-2026-6184 is the potential for cross-site scripting (XSS) attacks. An attacker could inject malicious JavaScript code into the 'News Title' field within the administrative interface (/web/admin/welcome.php). When another administrator views this page, the injected script would execute in their browser context. This could lead to session hijacking, redirection to malicious websites, or the theft of sensitive information, such as login credentials or administrative data. The remote nature of the vulnerability means an attacker does not need local access to exploit it.
CVE-2026-6184 has been publicly disclosed and a proof-of-concept (PoC) is available, indicating a higher risk of exploitation. The vulnerability is rated as LOW severity according to CVSS v2.4. It is currently not listed on CISA KEV. Active campaigns targeting this specific vulnerability are not yet confirmed, but the availability of a PoC increases the likelihood of exploitation attempts.
Administrators of Simple Content Management System instances running versions 1.0.0 through 1.0 are at direct risk. Shared hosting environments utilizing this CMS are particularly vulnerable, as a compromised account could potentially impact other websites hosted on the same server. Those who have not implemented robust input validation practices are also at increased risk.
• php / server:
grep -r "News Title" /var/www/html/web/admin/welcome.php
• generic web:
curl -I "http://your-website.com/web/admin/welcome.php?News+Title=<script>alert(1)</script>"
Disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The immediate mitigation for CVE-2026-6184 is to upgrade to a patched version of Simple Content Management System as soon as it becomes available. Until a patch is released, consider implementing input validation and sanitization on the 'News Title' field to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting the /web/admin/welcome.php endpoint can provide an additional layer of protection. Carefully review any third-party plugins or extensions for potential vulnerabilities that could be exploited in conjunction with this XSS flaw.
Update Simple Content Management System to a fixed version. Check the vendor's website or community forums for information on available updates. As a temporary measure, you can disable the 'News Title' input or enforce strict input validation to prevent malicious code injection.
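To illustrate the input-validation and output-encoding mitigation described in the two paragraphs above, here is an added PHP example. It is not code from Simple Content Management System; the function names and the way the 'News Title' value reaches the template are assumptions, and the sample title is constructed.

```php
<?php
// Added example (not the CMS's own code): hypothetical handling of the
// 'News Title' field rendered by /web/admin/welcome.php. Function names
// are assumptions; only the field name comes from the advisory.

declare(strict_types=1);

// Vulnerable pattern: the stored title is echoed into the page unchanged,
// so any markup inside it is interpreted by the viewing admin's browser.
function render_title_vulnerable(string $title): string
{
    return "<h2>{$title}</h2>";
}

// Input validation at save time: reject empty, over-long or
// control-character titles. This narrows abuse but is NOT a substitute
// for output encoding, since legitimate titles may contain '<', '&' or quotes.
function validate_news_title(string $title): ?string
{
    $title = trim($title);
    if ($title === '' || mb_strlen($title, 'UTF-8') > 200) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/u', $title)) {
        return null;
    }
    return $title;
}

// Hardened pattern: contextual output encoding for an HTML text node.
// ENT_QUOTES also encodes quotes, so the same helper is safe inside a
// double-quoted attribute; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function render_title_safe(string $title): string
{
    $escaped = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h2>{$escaped}</h2>";
}

// Constructed sample input: a title that carries markup.
$sample = 'Maintenance <script>alert(1)</script> window';

echo "vulnerable: " . render_title_vulnerable($sample) . PHP_EOL;
echo "safe:       " . render_title_safe($sample) . PHP_EOL;

$stored = validate_news_title($sample);
echo "validated:  " . ($stored === null ? 'rejected' : 'accepted') . PHP_EOL;
```

The safe renderer turns the angle brackets into entities so the title is displayed as text rather than parsed as a script element, which is the control the WAF rule in the paragraph above only approximates.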
CVE-2026-6184 is a cross-site scripting (XSS) vulnerability affecting Simple Content Management System versions 1.0.0–1.0, allowing attackers to inject malicious scripts via the News Title parameter.
You are affected if you are running Simple Content Management System version 1.0.0–1.0 and have not applied a patch or implemented mitigating controls.
Upgrade to a patched version of Simple Content Management System as soon as it becomes available. Until then, implement input validation and consider using a WAF.
While active campaigns are not confirmed, a public proof-of-concept exists, increasing the risk of exploitation.
Refer to the Simple Content Management System website or security mailing list for the official advisory regarding CVE-2026-6184.