A cross-site scripting vulnerability was identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The affected element is the function Save in the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java, part of the Template Management Page component. Manipulation of this function leads to cross-site scripting. The attack can be initiated remotely; according to the CVSS 3.1 vector in the record below (PR:H/UI:R), it requires a high-privileged account and user interaction, which is why the base score is 2.4 (LOW). The exploit has been publicly disclosed and may be used.
westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting
Problem type
Affected products
westboy
2431154dac8d0735e04f1fd2a3c3556668fc8dab - AFFECTED
References
https://vuldb.com/?id.327170
https://vuldb.com/?ctiid.327170
https://vuldb.com/?submit.659789
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md
GitHub Security Advisories
GHSA-fjfr-qh36-wf3q
A vulnerability was determined in westboy CicadasCMS up to...
https://github.com/advisories/GHSA-fjfr-qh36-wf3q
A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
https://nvd.nist.gov/vuln/detail/CVE-2025-11289
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md
https://vuldb.com/?ctiid.327170
https://vuldb.com/?id.327170
https://vuldb.com/?submit.659789
https://github.com/advisories/GHSA-fjfr-qh36-wf3q
JSON source
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-11289",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-10-06T14:15:52.128Z",
"dateReserved": "2025-10-04T18:25:27.740Z",
"datePublished": "2025-10-05T10:32:05.111Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-10-05T10:32:05.111Z"
},
"title": "westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab wurde eine Schwachstelle gefunden. Dies betrifft die Funktion Save der Datei src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java der Komponente Template Management Page. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."
}
],
"affected": [
{
"vendor": "westboy",
"product": "CicadasCMS",
"modules": [
"Template Management Page"
],
"versions": [
{
"version": "2431154dac8d0735e04f1fd2a3c3556668fc8dab",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.327170",
"name": "VDB-327170 | westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.327170",
"name": "VDB-327170 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.659789",
"name": "Submit #659789 | https://gitee.com/westboy/CicadasCMS/branches CicadasCMS v1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 3.3
}
}
],
"timeline": [
{
"time": "2025-10-04T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-10-04T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-10-04T20:30:37.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "xmttz (VulDB User)",
"type": "reporter"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-06T14:15:52.128Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}