CVE-2025-8116 MEDIUM

CVE-2025-8116: Reflected XSS in PAD CMS

Vendor Polska Akademia Dostępności
Product PAD CMS
Weakness CWE-79 · XSS
Published September 30, 2025
Last update September 30, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability.

Key dates

02Disclosure timeline

September 30, 2025 CVE published
September 30, 2025 Record updated