PublicCMS Cross-Site Scripting Vulnerability in Content Search Module

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in PublicCMS version 5.202506.b, specifically within the Content Search module. This issue allows for the injection of malicious scripts that could be executed in the context of the user.

Impact

An attacker who exploits this vulnerability can inject malicious scripts that are executed in the context of the user.

Reproduction

To reproduce this vulnerability, create content with a name that includes malicious JavaScript. Once the content is saved, the injected script will execute when the Content Search module is accessed. This XSS can be leveraged by a low-privilege user to steal credentials from a super admin, such as the CSRF token, by sending a GET request to admin/index.html.
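The following is an added example, not PublicCMS code: it contrasts writing a stored content name into a search-result row as-is with HTML-encoding it at output time, and adds a triage check that flags stored names containing markup. The record fields `id` and `title`, the row markup and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample records. The "id" and "title" fields are hypothetical,
# not PublicCMS's actual schema.
SAMPLE_CONTENT = [
    {"id": 1, "title": "Quarterly report"},
    {"id": 2, "title": "<script>alert(1)</script>"},
    {"id": 3, "title": 'Photo <img src=x onerror="alert(1)">'},
    {"id": 4, "title": "Tom & Jerry: 3 < 5"},
]

# Anything that opens or closes a tag, sets an inline event handler, or uses
# a javascript: URL becomes active if the name is emitted without encoding.
ACTIVE_MARKUP = re.compile(
    r"<\s*/?\s*[a-z][a-z0-9]*\b|\bon[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def render_row_unescaped(record):
    """The flawed pattern: the stored name is written into HTML as-is."""
    return '<li data-id="{}">{}</li>'.format(record["id"], record["title"])


def render_row(record):
    """Hardened form: HTML-encode the stored name at output time."""
    title = html.escape(record["title"], quote=True)
    return '<li data-id="{}">{}</li>'.format(record["id"], title)


def audit_titles(records):
    """Return ids of stored names that contain markup and need review."""
    return [r["id"] for r in records if ACTIVE_MARKUP.search(r["title"])]


if __name__ == "__main__":
    for rec in SAMPLE_CONTENT:
        print(render_row(rec))
    print("names to review:", audit_titles(SAMPLE_CONTENT))
```

Output encoding is the fix; the audit only helps find names that were stored before the fix was in place.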

Added: Dec 22, 2025, 8:19 PM
Updated: Dec 22, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.4
exploitability: 6.5
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.