publiccms
Web & CMS Plugins | commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting publiccms.
- CVE-2026-3289: Sanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversal (score 6.3)
- CVE-2025-69437: PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF... (score 8.7)
- CVE-2026-2010: Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization (score 4.2)
- CVE-2026-1112: Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization (score 5.4)
- CVE-2026-1111: Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal (score 4.7)
- CVE-2025-65837: PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. (score 5.4)
- CVE-2025-65840: PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController. (score 8.8)
- CVE-2025-65838: PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method. (score 7.5)
- CVE-2025-65836: PublicCMS V5.202506.b is vulnerable to SSRF in the chat interface of SimpleAiAdminController. (score 9.1)
- CVE-2025-57516: OS command injection vulnerability in PublicCMS PublicCMS-V5.202506.a and PublicCMS-V5.202506.b, allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variabl... (score 8.2)
- CVE-2025-7953: Sanluan PublicCMS viewer.html redirect (score 3.5)
- CVE-2025-7949: Sanluan PublicCMS preview.html redirect (score 3.5)
- CVE-2025-25361: An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. (score 9.8)
- CVE-2024-11175: Public CMS Voting Management save cross site scripting (score 3.5)
- CVE-2024-11070: Sanluan PublicCMS Tag Type save cross site scripting (score 3.5)