CVE-2025-8116
BaseFortify
Publication date: 2025-09-30
Last updated on: 2025-11-26
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| widzialni | pad_cms | to 1.2.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in PAD CMS affecting the printing and save to PDF functionality. An attacker can craft a special URL that, when opened by a victim, causes arbitrary JavaScript code to execute in the victim's browser. This affects all three templates: www, bip, and www+bip.
How can this vulnerability impact me? :
The vulnerability can lead to arbitrary JavaScript execution in the victim's browser, which may allow attackers to steal sensitive information, hijack user sessions, perform actions on behalf of the user, or deliver malicious payloads. Since the product is End-Of-Life, no patches will be provided, increasing the risk of exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious URLs that include JavaScript code in the printing and save to PDF functionality of PAD CMS, as it is a reflected XSS vulnerability. You can use web proxy logs or web server logs to look for unusual URL parameters that contain JavaScript payloads. For example, using command-line tools like grep to search logs for suspicious patterns such as '<script>' or 'javascript:' in URL parameters. Example command: grep -iE '(<script>|javascript:)' /var/log/apache2/access.log. Additionally, using web vulnerability scanners that detect reflected XSS can help identify this issue.
What immediate steps should I take to mitigate this vulnerability?
Since PAD CMS is End-Of-Life and no patches will be released, immediate mitigation steps include disabling or restricting access to the printing and save to PDF functionality to prevent exploitation. Implement web application firewall (WAF) rules to block requests containing suspicious JavaScript code in URL parameters. Educate users to avoid clicking on suspicious links. Consider migrating to a supported CMS or applying custom input validation and output encoding to sanitize inputs and outputs related to the vulnerable functionality.