CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can be triggered, resulting in issues such as credential theft, arbitrary API execution, and other security concerns. This vulnerability affects all file upload endpoint, including /cmsTemplate/save, /file/doUpload, /cmsTemplate/doUpload, /file/doBatchUpload, /cmsWebFile/doUpload, etc.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.7%

CVSS Severity

CVSS v3 Score 8.7

References

https://github.com/sanluan/PublicCMS/issues/103

Products affected by CVE-2025-69437

Publiccms » Publiccms » Version: 4.0

cpe:2.3:a:publiccms:publiccms:4.0
Publiccms » Publiccms » Version: 4.0.180707

cpe:2.3:a:publiccms:publiccms:4.0.180707
Publiccms » Publiccms » Version: 4.0.180825

cpe:2.3:a:publiccms:publiccms:4.0.180825
Publiccms » Publiccms » Version: 4.0.181024

cpe:2.3:a:publiccms:publiccms:4.0.181024
Publiccms » Publiccms » Version: 4.0.190312

cpe:2.3:a:publiccms:publiccms:4.0.190312
Publiccms » Publiccms » Version: 4.0.20180210

cpe:2.3:a:publiccms:publiccms:4.0.20180210
Publiccms » Publiccms » Version: 4.0.202004

cpe:2.3:a:publiccms:publiccms:4.0.202004
Publiccms » Publiccms » Version: 4.0.202011

cpe:2.3:a:publiccms:publiccms:4.0.202011
Publiccms » Publiccms » Version: 4.0.202011.b

cpe:2.3:a:publiccms:publiccms:4.0.202011.b
Publiccms » Publiccms » Version: 4.0.202107

cpe:2.3:a:publiccms:publiccms:4.0.202107
Publiccms » Publiccms » Version: 4.0.202107.b

cpe:2.3:a:publiccms:publiccms:4.0.202107.b
Publiccms » Publiccms » Version: 4.0.202107.c

cpe:2.3:a:publiccms:publiccms:4.0.202107.c
Publiccms » Publiccms » Version: 4.0.202107.d

cpe:2.3:a:publiccms:publiccms:4.0.202107.d
Publiccms » Publiccms » Version: 4.0.202107.f

cpe:2.3:a:publiccms:publiccms:4.0.202107.f
Publiccms » Publiccms » Version: 4.0.202204.a

cpe:2.3:a:publiccms:publiccms:4.0.202204.a
Publiccms » Publiccms » Version: 4.0.202204.b

cpe:2.3:a:publiccms:publiccms:4.0.202204.b
Publiccms » Publiccms » Version: 4.0.202204.c

cpe:2.3:a:publiccms:publiccms:4.0.202204.c
Publiccms » Publiccms » Version: 4.0.202204.d

cpe:2.3:a:publiccms:publiccms:4.0.202204.d
Publiccms » Publiccms » Version: 4.0.202302.a

cpe:2.3:a:publiccms:publiccms:4.0.202302.a
Publiccms » Publiccms » Version: 4.0.202302.b

cpe:2.3:a:publiccms:publiccms:4.0.202302.b
Publiccms » Publiccms » Version: 4.0.202302.c

cpe:2.3:a:publiccms:publiccms:4.0.202302.c
Publiccms » Publiccms » Version: 4.0.202302.d

cpe:2.3:a:publiccms:publiccms:4.0.202302.d
Publiccms » Publiccms » Version: 4.0.202302.e

cpe:2.3:a:publiccms:publiccms:4.0.202302.e
Publiccms » Publiccms » Version: 4.0.202406.e

cpe:2.3:a:publiccms:publiccms:4.0.202406.e
Publiccms » Publiccms » Version: 4.0.202406.f

cpe:2.3:a:publiccms:publiccms:4.0.202406.f
Publiccms » Publiccms » Version: 5.202302.a

cpe:2.3:a:publiccms:publiccms:5.202302.a
Publiccms » Publiccms » Version: 5.202302.b

cpe:2.3:a:publiccms:publiccms:5.202302.b
Publiccms » Publiccms » Version: 5.202302.c

cpe:2.3:a:publiccms:publiccms:5.202302.c
Publiccms » Publiccms » Version: 5.202302.d

cpe:2.3:a:publiccms:publiccms:5.202302.d
Publiccms » Publiccms » Version: 5.202302.e

cpe:2.3:a:publiccms:publiccms:5.202302.e
Publiccms » Publiccms » Version: 5.202406.d

cpe:2.3:a:publiccms:publiccms:5.202406.d
Publiccms » Publiccms » Version: 5.202406.f

cpe:2.3:a:publiccms:publiccms:5.202406.f
Publiccms » Publiccms » Version: 5.202506.b

cpe:2.3:a:publiccms:publiccms:5.202506.b

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69437

Products

Pricing

Contact Us