CVE-2025-59117

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS (affected versions not specified)

Description Windu CMS has multiple Stored Cross-Site Scripting (XSS) issues in the page editing endpoint ''/windu/admin/content/pages/edit/''. A user with privileges can exploit this to potentially target users with higher privileges. The vendor was notified but did not provide details about vulnerable versions.

Recommendations Update to a newer version of Windu CMS that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.