
6 matches found

NVD
added 2025/11/18 3:16 p.m., 1 view

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 7.5, EPSS 0.00038
Exploits: 0, References: 2
Vulnrichment
added 2025/11/18 1:26 p.m., 1 view

CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS 6.9, AI score 6, EPSS 0.00038
Exploits: 0, References: 2
CVE
added 2025/11/18 1:26 p.m., 8 views

CVE-2025-59113

Windu CMS vulnerability CVE-2025-59113 affects the 4.1 line. The issue stems from weak client-side brute-force protection that relies on a loginError parameter, with no server-side tracking of attempts or timeouts. This allows bypass of protection, enabling brute-force attempts. Affected: Windu C...

CVSS 7.5, AI score 6, EPSS 0.00038
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/11/18 12:0 a.m., 1 view

PT-2025-47311

Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS affected versions not specified. Description: Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts...

CVSS 7.5, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-3687

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.04537
Exploits: 0, References: 6
Prion
added 2009/10/16 4:30 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in adminlogin.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter...

CVSS 4.3, AI score 6.1, EPSS 0.04537
Exploits: 0, References: 5, Affected Software: 1