Vulnerabilities in Windu CMS software
ID: c09b2dcb-fcee-5114-aec7-203eab9fecc6
STIX ID: report--c09b2dcb-fcee-5114-aec7-203eab9fecc6
Feed Name: CERT Polska
A CERT Polska coordinated disclosure reports multiple vulnerabilities in Windu CMS 4.1 (fixed in build 2250), including CSRF (several variants), broken access control enabling privileged GET-based deletion of Super Admins, stored XSS on login and page-editing endpoints, file-upload CSRF, user enumeration, and weak client-side brute-force protection. The findings are credited to Karol Czubernat.
