Cicadascms
Reflected cross-site scripting in westboy CicadasCMS allows remote unauthenticated attackers to inject arbitrary JavaScript into a victim's browser via the unvalidated 's' search parameter in the Search function. All code up to and including commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab is affected, and no patch had been released as of analysis; the vendor has not responded to the responsible disclosure. A publicly available exploit exists (CVSS E:P confirmed), elevating the urgency despite the moderate CVSS base score of 4.3.
Stored cross-site scripting (XSS) in the westboy CicadasCMS Template Management Page allows high-privileged users to inject malicious scripts via the Save function in TemplateFileServiceImpl.java, affecting downstream users who interact with stored templates. The vulnerability requires high privileges and user interaction and carries a CVSS score of 1.9 due to minimal integrity impact; however, publicly available exploit code exists, indicating real disclosure despite extremely low exploitation probability (EPSS 0.03%).
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.