CVE-2026-6184

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUM
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Simple Content Management System
Timeline
PublishedApr 13

Description

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
code-projects Simple Content Management System welcome.php cross site scripting2026-04-13
GHSA
GHSA-65hr-68mj-9crm: A weakness has been identified in code-projects Simple Content Management System 12026-04-13
CVE-2026-6184 (MEDIUM CVSS 4.8) | A weakness has been identified in c | cvebase.io