Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

GHSA-6fvp-wmh6-jg95 · CVE-2025-70960 · PYSEC-2026-138

Published Feb 3, 2026 · Modified Jun 10, 2026

Description

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-70960
WEB https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md
PACKAGE https://github.com/tendenci/tendenci

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes