Security Advisory

CVE-2025-59115

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 13:26:32

Last updated 2025-12-05 12:21:46

Assigner CERT-PL

State PUBLISHED

Description

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

← Browse all CVEs View on cve.org ↗