Refengso

**Name of the Vulnerable Software and Affected Versions** ClassCMS version 4.8 **Description** The issue is related to Cross Site Scripting (XSS) in the "class/admin/channel.php" file, allowing for potential malicious script injection. **Recommendations** For ClassCMS version 4.8, consider restricting access to the "class/admin/channel.php" file until a patch is available. As a temporary workaround, avoid using any user-inputted data in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moss version v0.1.3 **Description** The issue is related to an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the `order` parameter. This vulnerability can be exploited by injecting malicious input into the affected parameter. **Recommendations** For Moss version v0.1.3, as a temporary workaround, consider restricting access to the `order` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClassCMS version 4.8 **Description** The issue allows attackers to execute arbitrary code and potentially take control of the server by constructing a payload in the `classview` parameter of the model management feature. This enables them to exploit the code execution vulnerability. **Recommendations** For ClassCMS version 4.8, consider disabling the model management feature or restricting access to the `classview` parameter until a patch is available. As a temporary workaround, avoid using the `classview` parameter in the model management feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.