CVE-2025-65837

Medium CVSS: 5.4

PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.

Vendor

Product

CWE

Yayın Tarihi

2025-12-22 20:15:44

Güncelleme

2026-01-05 16:24:35

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Publiccms MEDIUM Publiccms 2025

https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/XSS_1.md https://github.com/sanluan/PublicCMS/issues/100 https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/XSS_1.md

High

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass…

Medium

CVE-2026-3289

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file Templ…

Low

CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function P…

Medium

CVE-2026-1112

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-t…

Medium

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/pub…

High

CVE-2025-65840

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.