Anqicms · Anqicms · CVE-2025-50270
**Name of the Vulnerable Software and Affected Versions**
AnQiCMS version 3.4.11
**Description**
A stored Cross Site Scripting (xss) vulnerability exists in the "content management" feature. A remote attacker can execute arbitrary code by providing a crafted script to the `title`, `categoryTitle`, and `tmpTag` parameters.
**Recommendations**
Update to a newer version that contains a fix for this issue. As a temporary workaround, sanitize all user-supplied input for the `title`, `categoryTitle`, and `tmpTag` parameters before processing it.