Windu CMS Cross-Site Request Forgery Vulnerability in User Editing Functionality

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Windu CMS version 4.1 that allows attackers to bypass the implemented CSRF protection mechanism. The bypass is possible because a request can be made with another user's CSRF token, and open registration permits anyone to create an account. The issue was reported to the vendor, but no details regarding the vulnerability or affected version range were provided.
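
The flaw described above, modelled as an added example (this is not Windu CMS code, whose implementation the page does not show): a validator that accepts any token the server issued, beside one that binds the token to the requesting session. The function names, session identifiers and server key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the example)
ISSUED_TOKENS = set()                 # weak design: one global pool of valid tokens


def issue_token_weak() -> str:
    """Weak: the token is random but not tied to any user or session."""
    token = secrets.token_hex(16)
    ISSUED_TOKENS.add(token)
    return token


def validate_weak(session_id: str, token: str) -> bool:
    """Weak: accepts any token the server issued, whoever it was issued to."""
    return token in ISSUED_TOKENS  # session_id is never consulted


def issue_token_bound(session_id: str) -> str:
    """Hardened: the token is an HMAC over the session it was issued for."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def validate_bound(session_id: str, token: str) -> bool:
    """Hardened: recompute for the requesting session, compare in constant time."""
    expected = issue_token_bound(session_id)
    return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> dict:
    # Constructed session identifiers for two different accounts.
    admin_session, other_session = "sess-admin-0001", "sess-other-0002"
    other_weak = issue_token_weak()                 # token issued to the other account
    other_bound = issue_token_bound(other_session)  # same, under the bound scheme
    own_bound = issue_token_bound(admin_session)
    return {
        "weak_accepts_foreign_token": validate_weak(admin_session, other_weak),
        "bound_accepts_foreign_token": validate_bound(admin_session, other_bound),
        "bound_accepts_own_token": validate_bound(admin_session, own_bound),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A review or regression test for this class of bug only needs the second check: a token issued to one session must be rejected when presented with any other session.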

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery attacks, where an attacker can trick a user into performing actions they did not intend to.

Added: Nov 18, 2025, 3:23 PM
Updated: Nov 18, 2025, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.3
exploitability: 6.2
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.