8 matches found

RedhatCVE
added 2025/10/11 12:20 a.m., 2 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00029
Exploits: 0, References: 1
NVD
added 2025/10/10 3:16 p.m., 2 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS: 7.3, EPSS: 0.00029
Exploits: 0, References: 2
Positive Technologies
added 2025/10/10 12:0 a.m., 3 views

PT-2025-41568

Name of the Vulnerable Software and Affected Versions: Publii CMS version 0.46.5 build 17089. Description: Publii CMS version 0.46.5 build 17089 contains a persistent Cross-Site Scripting (XSS) flaw. This occurs because input in configuration fields, such as “Site Description” and “Footer Follow...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00029
Exploits: 0, References: 6
CNNVD
added 2025/10/10 12:0 a.m., 4 views

Publii CMS Security Vulnerability

Publii CMS is a static website generator from the Polish company Publii. A security vulnerability exists in Publii CMS version v0.46.5, which stems from unsanitized configuration field input and could lead to a stored cross-site scripting attack...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00029
Exploits: 0, References: 3
Cvelist
added 2025/10/10 12:0 a.m., 8 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS: 7.3, EPSS: 0.00029
Exploits: 0, References: 2
EUVD
added 2025/10/10 12:0 a.m., 3 views

EUVD-2025-33728

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS: 7.3, AI score: 5.6, EPSS: 0.00029
Exploits: 0, References: 4
CVE
added 2025/10/10 12:0 a.m., 5 views

CVE-2025-60869

Publii CMS v0.46.5 (build 17089) is affected by a stored XSS in configuration fields (e.g., Site Description, Footer Follow Buttons). The issue arises from unsanitized input, allowing injected JavaScript to be stored in the project and executed in visitors’ browsers when viewing the generated sta...

CVSS: 7.3, AI score: 5.7, EPSS: 0.00029
Exploits: 0, References: 2
Vulnrichment
added 2025/10/10 12:0 a.m., 2 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS: 7.3, AI score: 5.7, EPSS: 0.00029
Exploits: 0, References: 2