CVE-2026-10529— westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1071 · Application Layer Protocol T1189 · Drive-by CompromiseGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10529
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| westboy | CicadasCMS | 2431154dac8d0735e04f1fd2a3c3556668fc8dab | cpe:2.3:a:westboy:cicadascms:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10529
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10529
请登录查看更多情报信息。
Other References for CVE-2026-10529 (2)
IV. Related Vulnerabilities
Same product: CicadasCMS
- CVE-2026-10153
westboy CicadasCMS AbstractCacheManager.java search cross si - CVE-2025-11289
westboy CicadasCMS Template Management TemplateFileServiceIm - CVE-2025-11069
westboy CicadasCMS Add Department save cross site scripting - CVE-2025-11068
westboy CicadasCMS save cross site scripting - CVE-2025-3816
westboy CicadasCMS Scheduled Task save os command injection
Same vendor: westboy
- CVE-2026-10153
westboy CicadasCMS AbstractCacheManager.java search cross si - CVE-2025-11289
westboy CicadasCMS Template Management TemplateFileServiceIm - CVE-2025-11069
westboy CicadasCMS Add Department save cross site scripting - CVE-2025-11068
westboy CicadasCMS save cross site scripting - CVE-2025-3816
westboy CicadasCMS Scheduled Task save os command injection
Same weakness: CWE-79
- CVE-2025-52759
WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripti - CVE-2026-34907
Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia - CVE-2026-5191
Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticate - CVE-2026-1451
rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Pa - CVE-2026-8885
DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contrib
V. Comments for CVE-2026-10529
No comments yet