📦 Windu Cms

Windu CMS version 4.1 has weak client-side brute-force protection that stores login attempt information in a client-side parameter instead of server-side. This allows attackers to bypass login rate li...

Windu CMS version 4.1 is vulnerable to user enumeration during login, allowing attackers to determine valid usernames by analyzing response differences. This enables targeted brute force attacks again...

Windu CMS version 4.1 has a stored cross-site scripting vulnerability in the logon page that allows attackers to inject malicious HTML and JavaScript. When administrators view the logs page, the injec...

Windu CMS version 4.1 has a broken access control vulnerability in user editing functionality that allows privileged users to delete Super Admin accounts via GET requests, bypassing GUI restrictions. ...