CVE-2025-1892

Name of the Vulnerable Software and Affected Versions shishuocms version 1.1

Description A vulnerability was found in the Directory Deletion Page component, specifically in the /manage/folder/add.json file. The manipulation of the folderName argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For shishuocms version 1.1, as a temporary workaround, consider restricting access to the /manage/folder/add.json endpoint until a patch is available. Additionally, avoid using the folderName argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.