Windu CMS Stored Cross-Site Scripting Vulnerability in Page Editing Endpoint

Vulnerability

A stored cross-site scripting vulnerability has been identified in Windu CMS version 4.1, specifically within the page editing endpoint. This issue allows a privileged user to inject malicious scripts that are executed when other users with higher privileges access the affected page. While the vendor was notified about this vulnerability, they did not provide details regarding the vulnerable version range. Only Windu CMS version 4.1 has been tested and confirmed as vulnerable, leaving the status of other versions uncertain.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Added: Nov 18, 2025, 3:20 PM
Updated: Nov 18, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 5.2
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.