Lucene search
K
WinduWindu Cms

10 matches found

CVE
CVE
added 2019/08/01 2:19 p.m.38 views

CVE-2013-7474

Windu CMS 2.2 is affected by a Cross-Site Scripting (XSS) vulnerability. The flaw allows injection via the name parameter in admin/content/edit or admin/content/add, or via the username parameter in admin/users. The NVD records show a CVSS base score of 4.3 (CS: Partial integrity impact, Network ...

6.1CVSS5.9AI score0.00826EPSS
Web
CVE
CVE
added 2019/08/01 2:21 p.m.35 views

CVE-2013-7473

Windu CMS 2.2 is affected by a CSRF vulnerability that allows an attacker to add an admin account via admin/users/?mn=admin.message.error. The connected sources confirm the scenario but do not provide a concrete remediation or patched version in the provided documents. Exploitation status or in-t...

8.8CVSS8.6AI score0.00614EPSS
Web
CVE
CVE
added 2025/11/18 1:26 p.m.23 views

CVE-2025-59112

Windu CMS is vulnerable to Cross-Site Request Forgery (CSRF) in the user editing feature. An attacker could lure a victim to visit a crafted site that issues a forged POST request to delete a user (CSRF token of another user can bypass protections). Only version 4.1 was tested and confirmed vulne...

6.5CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.17 views

CVE-2025-59110

CVE-2025-59110: Windu CMS is affected by a Cross-Site Request Forgery in the user editing functionality. The fix relies on CSRF protection, but the protection can be bypassed using a CSRF token from another user. Open registration means attacker possibilities may be broader. Affected: Windu CMS v...

6.8CVSS6.2AI score0.0015EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.14 views

CVE-2025-59113

Windu CMS vulnerability CVE-2025-59113 affects the 4.1 line. The issue stems from weak client-side brute-force protection that relies on a loginError parameter, with no server-side tracking of attempts or timeouts. This allows bypass of protection, enabling brute-force attempts. Affected: Windu C...

7.5CVSS6AI score0.00243EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.14 views

CVE-2025-59114

Windu CMS is affected by a Cross-Site Request Forgery vulnerability in the file uploading functionality. The issue allows an attacker to trigger a victim’s browser to send a malicious file upload request, potentially elevating impact to the server when authenticated. Only version 4.1 was tested a...

6.5CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.14 views

CVE-2025-59116

Windu CMS (v4.1) is vulnerable to User Enumeration during login, where login-response differences enable brute-force validation of usernames. Only v4.1 was tested as vulnerable; fix is available in v4.1 build 2250. Affected components, root cause (message-based distinction on login) and impact (f...

6.9CVSS6AI score0.00213EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.13 views

CVE-2025-59111

CVE-2025-59111 : Windu CMS is affected by Broken Access Control in the user editing functionality. A privileged attacker can issue a GET request to delete Super Admins, an action not possible via the GUI. The issue has been tested only on version 4.1 and is fixed in version 4.1 build 2250. Other ...

6.9CVSS6AI score0.00256EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.13 views

CVE-2025-59117

Windu CMS is affected by multiple Stored XSS vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. The flaws can be exploited by a privileged user and may affect users with higher privileges. This CVE entry pertains to Windu CMS 4.1, with tests confirming vulnerability in ...

4.8CVSS5.4AI score0.00163EPSS
CVE
CVE
added 2025/11/18 1:26 p.m.11 views

CVE-2025-59115

Windu CMS (affected: version 4.1) is vulnerable to Stored Cross-Site Scripting on the logon page due to input data lacking proper validation. A malicious actor can inject arbitrary HTML/JS that executes when an admin visits the logs page. Only version 4.1 was tested; fix is available in 4.1 build...

5.4CVSS5AI score0.0015EPSS