Lucene search
+L

89 matches found

cvelist
cvelist
added 2025/11/18 1:26 p.m.9 views

CVE-2025-59112 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. Only version 4.1 was tested and confirmed as vulnerable. This issue wa...

5.1CVSS0.00124EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/18 1:26 p.m.15 views

CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

6.9CVSS0.00249EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/18 1:26 p.m.8 views

CVE-2025-59114 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixe...

5.1CVSS0.00124EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/18 1:26 p.m.2 views

CVE-2025-59114 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixe...

5.1CVSS6.1AI score0.00154EPSS
Exploits0References2
cve
cve
added 2025/11/18 1:26 p.m.16 views

CVE-2025-59114

Windu CMS is affected by a Cross-Site Request Forgery vulnerability in the file uploading functionality. The issue allows an attacker to trigger a victim’s browser to send a malicious file upload request, potentially elevating impact to the server when authenticated. Only version 4.1 was tested a...

6.5CVSS6.1AI score0.00154EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2025/11/18 1:26 p.m.2 views

CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

6.9CVSS6AI score0.00249EPSS
Exploits0References2
cve
cve
added 2025/11/18 1:26 p.m.16 views

CVE-2025-59113

Windu CMS vulnerability CVE-2025-59113 affects the 4.1 line. The issue stems from weak client-side brute-force protection that relies on a loginError parameter, with no server-side tracking of attempts or timeouts. This allows bypass of protection, enabling brute-force attempts. Affected: Windu C...

7.5CVSS6AI score0.00249EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2025/11/18 1:26 p.m.5 views

EUVD-2025-197999

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...

6.9CVSS6.2AI score0.00249EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/11/18 1:26 p.m.1 views

CVE-2025-59112 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. Only version 4.1 was tested and confirmed as vulnerable. This issue wa...

5.1CVSS6.1AI score0.00154EPSS
Exploits0References2
cve
cve
added 2025/11/18 1:26 p.m.27 views

CVE-2025-59112

Windu CMS is vulnerable to Cross-Site Request Forgery (CSRF) in the user editing feature. An attacker could lure a victim to visit a crafted site that issues a forged POST request to delete a user (CSRF token of another user can bypass protections). Only version 4.1 was tested and confirmed vulne...

6.5CVSS6.1AI score0.00154EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/11/18 1:26 p.m.11 views

CVE-2025-59110 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirme...

6.8CVSS0.00154EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/18 1:26 p.m.2 views

CVE-2025-59110 Cross-Site Request Forgery in Windu CMS

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirme...

6.8CVSS6.2AI score0.00154EPSS
Exploits0References2
cve
cve
added 2025/11/18 1:26 p.m.19 views

CVE-2025-59110

CVE-2025-59110: Windu CMS is affected by a Cross-Site Request Forgery in the user editing functionality. The fix relies on CSRF protection, but the protection can be bypassed using a CSRF token from another user. Open registration means attacker possibilities may be broader. Affected: Windu CMS v...

6.8CVSS6.2AI score0.00154EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/11/18 12:0 a.m.6 views

Windu CMS 跨站脚本漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site scripting vulnerability exists in Windu CMS version 4.1 that stems from insufficient input validation and could lead to a stored cross-site scripting attack...

4.8CVSS5.7AI score0.00167EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.5 views

PT-2025-47309

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw related to access control in the user editing feature. An attacker with sufficient privileges can send a GET request to delete Super Admins, a...

6.9CVSS6.6AI score0.00262EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.6 views

PT-2025-47314

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS is susceptible to User Enumeration. During the login process, differing messages can reveal whether a login attempt is valid, potentially enabling a brute...

6.9CVSS6.4AI score0.00218EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/11/18 12:0 a.m.5 views

Windu CMS 安全漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS. A security vulnerability exists in Windu CMS version 4.1, which stems from improper access control and could result in a privileged user deleting the Super Administrator...

6.9CVSS6.4AI score0.00262EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.5 views

PT-2025-47312

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS is susceptible to a Cross-Site Request Forgery CSRF issue within its file uploading functionality. A malicious actor can create a specially crafted website...

6.8CVSS6.6AI score0.00154EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/11/18 12:0 a.m.12 views

Windu CMS 跨站请求伪造漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu Inc. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from a CSRF protection mechanism that can be bypassed, potentially leading to cross-site request forgery attacks...

6.8CVSS6.5AI score0.00154EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.7 views

PT-2025-47308

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS affected versions not specified Description Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery CSRF attacks in the user editing functionality. The existing CSRF protection can be...

6.8CVSS6.6AI score0.00154EPSS
Exploits0References12
Rows per page
Query Builder