CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can be triggered, resulting in issues such as credential theft, arbitrary API execution, and other security concerns. This vulnerability affects all file upload endpoint, including /cmsTemplate/save, /file/doUpload, /cmsTemplate/doUpload, /file/doBatchUpload, /cmsWebFile/doUpload, etc.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/sanluan/PublicCMS/issues/103	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-27 17:16

Updated : 2026-03-05 02:09

NVD link : CVE-2025-69437

Mitre link : CVE-2025-69437

CVE.ORG link : CVE-2025-69437

JSON object : View

Products Affected

publiccms

publiccms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-69437", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}]}, "published": "2026-02-27T17:16:26.007", "references": [{"url": "https://github.com/sanluan/PublicCMS/issues/103", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can be triggered, resulting in issues such as credential theft, arbitrary API execution, and other security concerns. This vulnerability affects all file upload endpoint, including /cmsTemplate/save, /file/doUpload, /cmsTemplate/doUpload, /file/doBatchUpload, /cmsWebFile/doUpload, etc."}, {"lang": "es", "value": "PublicCMS v5.202506.d y anteriores es vulnerable a XSS almacenado. Los PDF subidos pueden contener cargas \u00fatiles de JavaScript y eludir las comprobaciones de seguridad de PDF en el backend CmsFileUtils.java. Si un usuario sube un archivo PDF que contiene una carga \u00fatil maliciosa al sistema y lo visualiza, la carga \u00fatil de JavaScript incrustada puede activarse, lo que resulta en problemas como el robo de credenciales, la ejecuci\u00f3n arbitraria de API y otras preocupaciones de seguridad. Esta vulnerabilidad afecta a todos los puntos finales de carga de archivos, incluyendo /cmsTemplate/save, /file/doUpload, /cmsTemplate/doUpload, /file/doBatchUpload, /cmsWebFile/doUpload, etc."}], "lastModified": "2026-03-05T02:09:43.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B937509A-33F9-4B58-9E04-4297591A198E", "versionEndIncluding": "5.202506.d"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}