CVE-2025-5420

Name of the Vulnerable Software and Affected Versions juzaweb CMS versions up to 3.4.2

Description A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload argument, which leads to cross-site scripting. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For juzaweb CMS versions up to 3.4.2, as a temporary workaround, consider restricting access to the /admin-cp/file-manager/upload file until a patch is available. Avoid using the Upload argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.