Reflected XSS in PAD CMS_CVE-2025-8116

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Basic Information

ID CVE-2025-8116

Source CERT-PL

Published Sep 30, 2025 at 10:04

Affected Product

Vendor Polska Akademia Dostępności

Product PAD CMS

Affected Versions Polska Akademia Dostępności PAD CMS 0

CWE Classification

CWE-79

References

cert.pl /posts/2025/09/CVE-2025-7063

{
    "lastseen": "",
    "description": "PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip.\n\nThis product is End-Of-Life and producent will not publish patches for this vulnerability.",
    "published": "2025-09-30T10:04:25.946Z",
    "modified": "2025-09-30T10:04:25.946Z",
    "type": "cve",
    "title": "Reflected XSS in PAD CMS",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2025/09/CVE-2025-7063",
    "id": "CVE-2025-8116",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Polska Akademia Dost\u0119pno\u015bci PAD CMS 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PAD CMS",
    "version": "0",
    "vendor": "Polska Akademia Dost\u0119pno\u015bci",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}