Description
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw is present in the Search function of CicadasCMS that is processed in AbstractCacheManager.java, allowing an attacker to inject malicious scripts by manipulating the argument 's'. This results in a cross‑site scripting vulnerability that can be exploited remotely via the web interface. The CVE notes that an exploit has been published and may be used. The weakness aligns with CWE‑79 and CWE‑94.

Affected Systems

All releases of the westboy CicadasCMS before the commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab are affected. The product uses a rolling release model, so the exact version may vary, but any deployment that has not integrated the latest code changes is vulnerable.

Risk and Exploitability

The CVSS score is 5.3. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploits have been released publicly, and the attack can be performed remotely through the web interface. The lack of a formal patch from the vendor means the risk remains until a new release that contains the fix is deployed.

Generated by OpenCVE AI on May 30, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a release containing commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab or later.
  • If immediate upgrade is not feasible, restrict or deny access to the Search endpoint and implement server‑side input validation to escape or reject script content.
  • Monitor the vendor’s repository and security advisories for a patch, and apply updates promptly when available.

Generated by OpenCVE AI on May 30, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 21:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Title westboy CicadasCMS AbstractCacheManager.java search cross site scripting
First Time appeared Westboy
Westboy cicadascms
Weaknesses CWE-79
CWE-94
CPEs cpe:2.3:a:westboy:cicadascms:*:*:*:*:*:*:*:*
Vendors & Products Westboy
Westboy cicadascms
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Westboy Cicadascms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T21:00:20.910Z

Reserved: 2026-05-30T05:49:54.641Z

Link: CVE-2026-10153

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-30T22:16:14.523

Modified: 2026-05-30T22:16:14.523

Link: CVE-2026-10153

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T23:00:13Z

Weaknesses