CVE-2025-8116
MEDIUM
widzialni pad_cms < 1.2.1 - Reflected Cross-Site Scripting in Print and PDF Save Functionality
Title source: llm
Description
PAD CMS is vulnerable to Reflected XSS in its printing and save-to-PDF functionality. A malicious attacker can craft a special URL which, when opened, results in arbitrary JavaScript execution in the victim's browser. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability.
References (1)
Core References
Third Party Advisory
https://cert.pl/posts/2025/09/CVE-2025-7063
Scores
CVSS v3
6.1
EPSS
0.0023
EPSS Percentile
13.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
widzialni/pad_cms
< 1.2.1
Published
Sep 30, 2025
Tracked Since
Feb 18, 2026