Windu CMS Cross-Site Request Forgery Vulnerability in User Editing Functionality

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Windu CMS version 4.1 that allows attackers to delete users by sending a crafted POST request. The flaw is in the user editing feature, where the CSRF protection mechanism can be bypassed by using another user's CSRF token. Although the vendor was notified about this issue, no details regarding the vulnerability or the affected version range were provided, so other versions may also be vulnerable.

Impact

Exploitation of this vulnerability allows for unauthorized user deletions, potentially disrupting user management and access control within the application.
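
The token bypass described above comes down to whether a CSRF token is tied to the session that submits it. The following is an added illustration, not Windu CMS code: the function names, session identifiers and the "any issued token" check are assumptions chosen to show one way such a flaw can arise, next to a session-bound check that rejects another user's token.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed key for this demo only
ISSUED_TOKENS = set()                 # global pool consulted by the weak check


def _mac(session_id: str, nonce: str) -> str:
    """HMAC over the session id and nonce, so a token only fits one session."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Issue a token of the form nonce.mac for the given session."""
    nonce = secrets.token_hex(16)
    token = f"{nonce}.{_mac(session_id, nonce)}"
    ISSUED_TOKENS.add(token)
    return token


def weak_check(session_id: str, token: str) -> bool:
    """Flawed (assumed pattern): any token the server issued passes,
    regardless of which user it was issued to."""
    return token in ISSUED_TOKENS


def bound_check(session_id: str, token: str) -> bool:
    """Hardened: recompute the MAC with the requesting session's id."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False  # malformed token
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(expected.encode(), mac.encode())


def demo() -> dict:
    # Constructed session identifiers for two different logged-in users.
    admin_sid, other_sid = "sid-admin-constructed", "sid-other-constructed"
    other_token = issue_token(other_sid)
    admin_token = issue_token(admin_sid)
    return {
        "weak_accepts_foreign": weak_check(admin_sid, other_token),
        "bound_accepts_foreign": bound_check(admin_sid, other_token),
        "bound_accepts_own": bound_check(admin_sid, admin_token),
        "bound_accepts_malformed": bound_check(admin_sid, "garbage"),
    }
```
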

Added: Nov 18, 2025, 3:23 PM
Updated: Nov 18, 2025, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 6.5
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.