Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70959

CVE-2025-70959: Tendenci CMS Stored XSS Vulnerability

CVE-2025-70959 is a stored XSS vulnerability in Tendenci CMS v15.3.7 that allows attackers to inject malicious scripts via the Jobs module. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-70959 Overview

A stored cross-site scripting (XSS) vulnerability has been identified in the Jobs module of Tendenci CMS version 15.3.7. This vulnerability allows authenticated attackers to inject malicious web scripts or HTML content through crafted payloads that are persistently stored and executed when other users access the affected pages.

Critical Impact

Attackers can execute arbitrary JavaScript in victims' browsers, potentially stealing session tokens, performing actions on behalf of users, or delivering further payloads to site visitors.

Affected Products

  • Tendenci CMS v15.3.7
  • Jobs Module within Tendenci CMS

Discovery Timeline

  • 2026-02-02 - CVE-2025-70959 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2025-70959

Vulnerability Analysis

This stored XSS vulnerability (CWE-79) resides in the Jobs module of Tendenci CMS, an open-source content management system designed for membership management organizations. The vulnerability allows attackers with low-level privileges to inject persistent malicious scripts that execute in the context of other users' browsing sessions.

Unlike reflected XSS attacks that require victims to click malicious links, stored XSS payloads are saved to the application's database and automatically execute whenever legitimate users view the compromised content. This makes the attack particularly dangerous as it can affect multiple users over an extended period without requiring continued attacker interaction.

The vulnerability requires user interaction for exploitation—a victim must navigate to a page containing the injected payload. When triggered, the malicious script runs with the same origin privileges as the legitimate application, enabling attackers to access sensitive data, hijack user sessions, or modify page content.

Root Cause

The root cause of this vulnerability is improper input validation and output encoding in the Jobs module of Tendenci CMS. User-supplied input is not adequately sanitized before being stored in the database, and subsequently is not properly encoded when rendered in HTML output. This allows attackers to inject executable script content that bypasses browser security controls.

Attack Vector

The attack is conducted over the network and requires authenticated access with low privileges to the Tendenci CMS platform. An attacker would craft a malicious payload containing JavaScript or HTML and submit it through the Jobs module's input fields. Once stored, any user who views the affected job listing or related page would have the malicious script execute in their browser session.

The vulnerability mechanism involves injecting script content through form fields in the Jobs module. Malicious payloads can include JavaScript that accesses document cookies, performs DOM manipulation, or redirects users to attacker-controlled sites. For technical details on the vulnerability, see the GitHub security disclosure.

Detection Methods for CVE-2025-70959

Indicators of Compromise

  • Unusual JavaScript content or HTML tags in job listing database entries
  • Unexpected <script> tags or event handlers (e.g., onerror, onload, onclick) in Jobs module content
  • User reports of unexpected browser behavior when viewing job listings
  • Evidence of session token exfiltration or unauthorized account access

Detection Strategies

  • Implement web application firewall (WAF) rules to detect and block common XSS patterns in request parameters
  • Review Jobs module database tables for suspicious HTML or JavaScript content
  • Monitor application logs for unusual input patterns containing script tags or encoded JavaScript
  • Deploy Content Security Policy (CSP) headers to detect and report inline script execution attempts

Monitoring Recommendations

  • Enable browser-based CSP violation reporting to capture attempted XSS exploitation
  • Implement real-time alerting on database insertions containing HTML or JavaScript content in the Jobs module
  • Monitor for anomalous user session activity that may indicate session hijacking following XSS exploitation
  • Conduct periodic security scans of stored content to identify existing malicious payloads

How to Mitigate CVE-2025-70959

Immediate Actions Required

  • Upgrade Tendenci CMS to a patched version if available from the vendor
  • Audit existing Jobs module entries for malicious content and remove any identified payloads
  • Implement Content Security Policy (CSP) headers to mitigate the impact of XSS exploitation
  • Consider temporarily restricting access to the Jobs module until remediation is complete

Patch Information

At the time of publication, users should check the official Tendenci CMS repository and release notes for security patches addressing this vulnerability. Additional information may be available in the GitHub security disclosure.

Workarounds

  • Implement strict input validation on all Jobs module form fields, rejecting HTML and JavaScript content
  • Apply output encoding to all user-supplied data when rendering in HTML contexts
  • Deploy a web application firewall with XSS detection rules to filter malicious requests
  • Restrict user permissions for creating or modifying job listings to trusted accounts only
bash
# Example Content Security Policy header configuration for Apache
# Add to .htaccess or Apache configuration file
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none';"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.