CVE-2025-12330

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Willow CMS versions prior to 1.4.1

Description A security flaw exists in Willow CMS that allows for cross site scripting. The issue is related to the processing of the file '/admin/articles/add' within the Add Post Page component. Manipulation of the title or body argument can trigger the flaw. The attack can be launched remotely and the exploit has been publicly released.

Recommendations Update Willow CMS to version 1.4.1 or later.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-12330

Affected Products

Willow Cms

CVE-2025-12330

Weakness Enumeration

Related Identifiers

Affected Products

References · 10