CVE-2025-11289 🔵 Low

CVE-2025-11289: Remote Cross-Site Scripting in westboy CicadasCMS

A cross-site scripting vulnerability in westboy CicadasCMS allows remote attacks via manipulation of the Template Management Page. The exploit is publicly disclosed.

CVE ID

CVE-2025-11289

CVSS Score

2.4

Vendor

unknown

Published

Oct 05

A vulnerability was identified in westboy CicadasCMS up to version 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The issue lies in the Save function of the TemplateFileServiceImpl.java file, which enables cross-site scripting attacks remotely. This exploit has been publicly disclosed and can be utilized.

Vulnerability Details

CVE ID: CVE-2025-11289
Severity: Low
CVSS v3 Score: 2.4 / 10.0
Affected Vendor: unknown
Publication Date: October 05, 2025

External Resources

NIST NVD Database
MITRE CVE

Need Help?

Protect your infrastructure with our comprehensive security scanning tools.

Explore Security Scanners

Back to CVE Database