| Title | https://gitee.com/westboy/CicadasCMS/branches CicadasCMS v1.0 Cross Site Scripting |
|---|
| Description | A stored cross-site scripting (XSS) vulnerability exists in CicadasCMS v1.0 that arises from the system not adequately filtering and escaping user input data before it is stored on the server. Attackers can persistently store malicious code on the server by submitting malicious script content (system administration - template management). When other users access pages containing malicious content, the script will be executed in their browsers, which may lead to risks such as session hijacking, sensitive information leakage (such as stolen cookies), malicious operation simulation, or page content tampering |
|---|
| Source | ⚠️ https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md |
|---|
| User | xmttz (UID 89920) |
|---|
| Submission | 09/22/2025 07:41 (7 months ago) |
|---|
| Moderation | 10/04/2025 20:25 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327170 [westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab Template Management Page TemplateFileServiceImpl.java save cross site scripting] |
|---|
| Points | 20 |
|---|