CVE-2025-11289 MEDIUM

CVE-2025-11289: westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting

Vendor Westboy

Product CicadasCMS

Weakness CWE-79 · XSS

Published October 5, 2025

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

Disclosure timeline

October 5, 2025 CVE published

February 24, 2026 Record updated

Identifiers

CVE CVE-2025-11289

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Westboy

Product CicadasCMS

Affected 2431154dac8d0735e04f1fd2a3c3556668fc8dab