westboy CicadasCMS har 2431154dac8d0735e04f1fd2a3c3556668fc8dab Template Management Page TemplateFileServiceImpl.java save Cross Site Scripting

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a westboy CicadasCMS har 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Tabbas, aikin Gada ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java, a cikin sashi Template Management Page. Wuro manipulation ga Cross Site Scripting. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-79. Lalle, rauni an sanar da shi 10/04/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-11289. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

4 Goyarwa · 98 Datenpunkte

FurɗeSúgá
10/04/2025 20:30		Gargadi 1/3
10/05/2025 13:48		Gargadi 2/3
10/05/2025 14:19		Gargadi 3/3
01/16/2026 18:37
cvss2_vuldb_ciNNNN
cvss2_vuldb_iiPPPP
cvss2_vuldb_aiNNNN
cvss2_vuldb_ePOCPOCPOCPOC
cvss2_vuldb_rcURURURUR
cvss4_vuldb_avNNNN
cvss4_vuldb_acLLLL
cvss4_vuldb_prHHHH
cvss4_vuldb_uiPPPP
cvss4_vuldb_vcNNNN
cvss4_vuldb_viLLLL
cvss4_vuldb_vaNNNN
cvss4_vuldb_ePPPP
cvss2_vuldb_rlNDNDNDND
cvss3_vuldb_rlXXXX
cvss4_vuldb_atNNNN
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss2_vuldb_basescore3.33.33.33.3
cvss2_vuldb_tempscore2.82.82.82.8
cvss3_vuldb_basescore2.42.42.42.4
cvss3_vuldb_tempscore2.22.22.22.2
cvss3_meta_basescore2.42.42.43.4
cvss3_meta_tempscore2.22.32.33.3
cvss4_vuldb_bscore4.84.84.84.8
cvss4_vuldb_btscore1.91.91.91.9
advisory_date1759528800 (10/04/2025)1759528800 (10/04/2025)1759528800 (10/04/2025)1759528800 (10/04/2025)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
software_vendorwestboywestboywestboywestboy
software_nameCicadasCMSCicadasCMSCicadasCMSCicadasCMS
software_version<=2431154dac8d0735e04f1fd2a3c3556668fc8dab<=2431154dac8d0735e04f1fd2a3c3556668fc8dab<=2431154dac8d0735e04f1fd2a3c3556668fc8dab<=2431154dac8d0735e04f1fd2a3c3556668fc8dab
software_componentTemplate Management PageTemplate Management PageTemplate Management PageTemplate Management Page
software_filesrc/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.javasrc/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.javasrc/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.javasrc/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java
software_functionsavesavesavesave
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk1111
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_prHHHH
cvss3_vuldb_uiRRRR
cvss3_vuldb_sUUUU
cvss3_vuldb_cNNNN
cvss3_vuldb_iLLLL
cvss3_vuldb_aNNNN
cvss3_vuldb_ePPPP
cvss3_vuldb_rcRRRR
advisory_urlhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md
exploit_availability1111
exploit_publicity1111
exploit_urlhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdhttps://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md
source_cveCVE-2025-11289CVE-2025-11289CVE-2025-11289CVE-2025-11289
cna_responsibleVulDBVulDBVulDBVulDB
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_auMMMM
cve_nvd_summaryA vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
cvss4_cna_avNNN
cvss4_cna_acLLL
cvss4_cna_atNNN
cvss4_cna_prHHH
cvss4_cna_uiPPP
cvss4_cna_vcNNN
cvss4_cna_viLLL
cvss4_cna_vaNNN
cvss4_cna_scNNN
cvss4_cna_siNNN
cvss4_cna_saNNN
cvss4_cna_bscore4.84.84.8
cvss3_cna_avNNN
cvss3_cna_acLLL
cvss3_cna_prHHH
cvss3_cna_uiRRR
cvss3_cna_sUUU
cvss3_cna_cNNN
cvss3_cna_iLLL
cvss3_cna_aNNN
cvss3_cna_basescore2.42.42.4
cvss2_cna_avNNN
cvss2_cna_acLLL
cvss2_cna_auMMM
cvss2_cna_ciNNN
cvss2_cna_iiPPP
cvss2_cna_aiNNN
cvss2_cna_basescore3.33.33.3
euvd_idEUVD-2025-32456EUVD-2025-32456
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss3_nvd_basescore5.4

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!