Vulbox

**Name of the Vulnerable Software and Affected Versions** ClassCMS versions up to 4.8 **Description** A critical issue has been found in the User Management Page component, specifically affecting an unknown functionality of the file "/admin?do=admin:user:editPost". This issue leads to improper handling of insufficient privileges, allowing for remote attacks. The exploit has been disclosed publicly and can be used. **Recommendations** For ClassCMS versions up to 4.8, as a temporary workaround, consider restricting access to the "/admin?do=admin:user:editPost" endpoint until a patch is available. Additionally, review and restrict privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClassCMS version 4.8 **Description** A problematic vulnerability was found in ClassCMS, affecting an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the `URL` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For ClassCMS version 4.8, as a temporary workaround, consider restricting access to the `/index.php/admin` endpoint until a patch is available. Avoid manipulating the `URL` argument in the affected Model Management Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.