Description

PAD CMS is vulnerable to Reflected XSS in its printing and save-to-PDF functionality. An attacker can craft a special URL which, when opened, results in arbitrary JavaScript execution in the victim's browser. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability.

PUBLISHED | Reserved 2025-07-24 | Published 2025-09-30 | Updated 2025-09-30 | Assigner CERT-PL

MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status: unknown

Any version: affected

Credits

Jakub Szweda (CERT.PL), finder

References

cert.pl/posts/2025/09/CVE-2025-7063

cve.org (CVE-2025-8116)

nvd.nist.gov (CVE-2025-8116)
