CVE-2025-59113 — CVSS 7.5 (high): Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is…
CVE-2025-59110 — CVSS 6.5 (medium): Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed…
CVE-2025-59111 — CVSS 6.5 (medium): Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows…
CVE-2025-59112 — CVSS 6.5 (medium): Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which…
CVE-2025-59114 — CVSS 6.5 (medium): Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which…
CVE-2013-7474 — CVSS 6.1 (medium): Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.
CVE-2025-59115 — CVSS 5.4 (medium): Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation. Malicious…
CVE-2025-59116 — CVSS 5.3 (medium): Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to…
CVE-2025-59117 — CVSS 4.8 (medium): Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages…