← voltar
CVE-2025-11289

westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting

CVSS 4.8 MEDIUMEPSS 0.3%CWE-79CWE-94
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
westboy · CicadasCMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://vuldb.com/?ctiid.327170https://vuldb.com/?id.327170https://vuldb.com/?submit.659789https://vuldb.com/?submit.709804