Reflected XSS Vulnerability in PAD CMS by PAD CMSvendor
CVE-2025-8116

5.1MEDIUM

Key Information:

Vendor: Polska Akademia Dostępności
Status: Pad Cms
Vendor: CVE Published:; 30 September 2025

🔔 Create Polska Akademia Dostępności Vulnerability Alert

What is CVE-2025-8116?

The PAD CMS product is vulnerable to Reflected XSS through its printing and save to PDF functionalities. Attackers can exploit this vulnerability by crafting a specially designed URL that, when accessed by a user, executes arbitrary JavaScript in their browser. This security flaw affects all three templates: www, bip, and www+bip. It is important to note that the PAD CMS product has reached its End-of-Life status, and the vendor will not provide patches or updates to resolve this issue.

Affected Version(s)

PAD CMS 0 <= 1.2.1

References

https://cert.pl/posts/2025/09/CVE-2025-7063

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2025
Vulnerability Reserved
Jul 24, 2025

Credit

Jakub Szweda (CERT.PL)

JSON