CVE-2025-59117

Medium CVSS: 4.8

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/.
This vulnerability can be exploited by a privileged user and may target users with higher privileges.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Vendor

Windu

Product

Windu Cms

CWE

CWE-79

Yayın Tarihi

2025-11-18 15:16:34

Güncelleme

2025-12-05 13:16:04

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Windu Cms MEDIUM Windu 2025

Referanslar

https://cert.pl/posts/2025/11/CVE-2025-59110 https://windu.org

Benzer Kayıtlar

Medium

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow…

Medium

CVE-2025-59112

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft specia…

Medium

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt co…

Medium

CVE-2025-59114

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft spec…

Medium

CVE-2025-59115

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation…

Medium

CVE-2025-59110

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechani…