CVE-2026-10153
published 2026-05-30CVE-2026-10153: A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file…
PriorityP423medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EPSS
0.28%
19.7th percentile
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| westboy | cicadascms | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab.
ghsa_unreviewed·2026-05-31
CVE-2026-10153 [LOW] CWE-79 A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab.
A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
VulDB
westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab AbstractCacheManager.java search s cross site scripting (IJKWOH / EUVD-2026-33473)
vuldb·2026-05-30·CVSS 2.1
CVE-2026-10153 [LOW] westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab AbstractCacheManager.java search s cross site scripting (IJKWOH / EUVD-2026-33473)
A vulnerability has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab and classified as problematic. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting.
This vulnerability is registered as CVE-2026-10153. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
The project was informed of the problem early through an issue report but has not responded yet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-30
Published