CVE-2025-8116

Medium CVSS: 5.1

PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Vendor

Widzialni

Product

Pad Cms

CWE

CWE-79

Yayın Tarihi

2025-09-30 11:37:43

Güncelleme

2025-11-26 14:41:54

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Pad Cms MEDIUM Widzialni 2025

Referanslar

https://cert.pl/posts/2025/09/CVE-2025-7063

Benzer Kayıtlar

High

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Medium

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Inf…

Medium

CVE-2025-8119

PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft spec…

Critical

CVE-2025-8120

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remo…

High

CVE-2025-8121

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQ…

Critical

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remot…