{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11289","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-10-04T18:25:27.740Z","datePublished":"2025-10-05T10:32:05.111Z","dateUpdated":"2026-02-24T06:40:59.852Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T06:40:59.852Z"},"title":"westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"westboy","product":"CicadasCMS","versions":[{"version":"2431154dac8d0735e04f1fd2a3c3556668fc8dab","status":"affected"}],"cpes":["cpe:2.3:a:westboy:cicadascms:*:*:*:*:*:*:*:*"],"modules":["Template Management Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-10-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-10-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-01-16T18:37:47.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"xmttz (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.327170","name":"VDB-327170 | westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.327170","name":"VDB-327170 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.659789","name":"Submit #659789 | https://gitee.com/westboy/CicadasCMS/branches CicadasCMS v1.0 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.709804","name":"Submit #709804 | CicadasCMS 1.0 Code Injection (Duplicate)","tags":["third-party-advisory"]},{"url":"https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-06T14:10:27.861463Z","id":"CVE-2025-11289","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-06T14:15:52.128Z"}}]}}