CVE-2025-11069 MEDIUM

CVE-2025-11069: westboy CicadasCMS Add Department save cross site scripting

Vendor Westboy

Product CicadasCMS

Weakness CWE-79 · XSS

Published September 27, 2025

Last update September 29, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

September 27, 2025 CVE published

September 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11069 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-23609 WordPress Tagesteller plugin <= v.1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-34452 Grav vulnerable to Self Cross Site Scripting in /forgot_password CVE-2021-24665 WP Video Lightbox < 1.9.3 - Contributor+ Stored Cross-Site Scripting CVE-2025-30970 WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-4022 Show Posts list <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode