CVE-2025-65840

High CVSS: 8.8

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.

Vendor

Product

CWE

Yayın Tarihi

2025-12-01 21:15:52

Güncelleme

2025-12-04 18:58:21

Source Identifier

cve@mitre.org

KEV Date Added

CWE-352 Publiccms HIGH Publiccms 2025

https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/CSRF_1.md https://github.com/sanluan/PublicCMS/issues/102 https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/CSRF_1.md

High

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass…

Medium

CVE-2026-3289

A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the function saveMetadata of the file Templ…

Low

CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function P…

Medium

CVE-2026-1112

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-t…

Medium

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/pub…

Medium

CVE-2025-65837

PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.