PT-2025-41568 · Unknown · Publii Cms
Kasiasok
·
Published
2025-10-10
·
Updated
2025-10-10
·
CVE-2025-60869
CVSS v3.1
7.3
High
| Vector | AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:R |
Name of the Vulnerable Software and Affected Versions
Publii CMS version 0.46.5 (build 17089)
Description
Publii CMS version 0.46.5 (build 17089) contains a persistent Cross-Site Scripting (XSS) flaw. This occurs because input in configuration fields, such as “Site Description” and “Footer Follow Buttons”, is not properly sanitized. An attacker can inject arbitrary JavaScript code into these fields. This code is stored within the project and executed in the browsers of visitors accessing the generated static site. The vulnerable configuration fields include “Site Description” and “Footer Follow Buttons”.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Publii Cms