CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
References
Link Resource
https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md Exploit Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tendenci:tendenci:15.3.7:*:*:*:*:*:*:*

History

17 Jun 2026, 10:03

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross-site scripting (XSS) almacenada en el módulo de Empleos de Tendenci CMS v15.3.7 permite a los atacantes ejecutar scripts web arbitrarios o HTML mediante la inyección de una carga útil manipulada.

11 Feb 2026, 20:31

Type Values Removed Values Added
CPE cpe:2.3:a:tendenci:tendenci:15.3.7:*:*:*:*:*:*:*
First Time Tendenci
Tendenci tendenci
References () https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md - () https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md - Exploit, Mitigation, Vendor Advisory

03 Feb 2026, 15:16

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

02 Feb 2026, 23:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-02 23:16

Updated : 2026-06-17 10:03


NVD link : CVE-2025-70959

Mitre link : CVE-2025-70959

CVE.ORG link : CVE-2025-70959


JSON object : View

Products Affected

tendenci

  • tendenci
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')