89 matches found
CVE-2025-59112 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. Only version 4.1 was tested and confirmed as vulnerable. This issue wa...
CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
CVE-2025-59114 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixe...
CVE-2025-59114 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixe...
CVE-2025-59114
Windu CMS is affected by a Cross-Site Request Forgery vulnerability in the file uploading functionality. The issue allows an attacker to trigger a victim’s browser to send a malicious file upload request, potentially elevating impact to the server when authenticated. Only version 4.1 was tested a...
CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...
CVE-2025-59113
Windu CMS vulnerability CVE-2025-59113 affects the 4.1 line. The issue stems from weak client-side brute-force protection that relies on a loginError parameter, with no server-side tracking of attempts or timeouts. This allows bypass of protection, enabling brute-force attempts. Affected: Windu C...
EUVD-2025-197999
Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...
CVE-2025-59112 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. Only version 4.1 was tested and confirmed as vulnerable. This issue wa...
CVE-2025-59112
Windu CMS is vulnerable to Cross-Site Request Forgery (CSRF) in the user editing feature. An attacker could lure a victim to visit a crafted site that issues a forged POST request to delete a user (CSRF token of another user can bypass protections). Only version 4.1 was tested and confirmed vulne...
CVE-2025-59110 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirme...
CVE-2025-59110 Cross-Site Request Forgery in Windu CMS
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirme...
CVE-2025-59110
CVE-2025-59110: Windu CMS is affected by a Cross-Site Request Forgery in the user editing functionality. The fix relies on CSRF protection, but the protection can be bypassed using a CSRF token from another user. Open registration means attacker possibilities may be broader. Affected: Windu CMS v...
Windu CMS 跨站脚本漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site scripting vulnerability exists in Windu CMS version 4.1 that stems from insufficient input validation and could lead to a stored cross-site scripting attack...
PT-2025-47309
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw related to access control in the user editing feature. An attacker with sufficient privileges can send a GET request to delete Super Admins, a...
PT-2025-47314
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS is susceptible to User Enumeration. During the login process, differing messages can reveal whether a login attempt is valid, potentially enabling a brute...
Windu CMS 安全漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS. A security vulnerability exists in Windu CMS version 4.1, which stems from improper access control and could result in a privileged user deleting the Super Administrator...
PT-2025-47312
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS is susceptible to a Cross-Site Request Forgery CSRF issue within its file uploading functionality. A malicious actor can create a specially crafted website...
Windu CMS 跨站请求伪造漏洞
Windu CMS Windu CMS is a lightweight web content management system CMS from Windu Inc. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from a CSRF protection mechanism that can be bypassed, potentially leading to cross-site request forgery attacks...
PT-2025-47308
Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery CSRF attacks in the user editing functionality. The existing CSRF protection can be...