CVE-2025-15109

Name of the Vulnerable Software and Affected Versions jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261

Description A flaw exists in jackq XCMS that allows for unrestricted file upload. This issue impacts an unknown function within the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. The attack can be initiated remotely. The exploit for this issue has been published. The software utilizes a rolling release model, meaning specific version details for affected or updated releases are unavailable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.