CVE-2025-63589 — A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (naviga — CVE Database · The Intelligence Room