CVE-2022-1075

Name of the Vulnerable Software and Affected Versions College Website Management System version 1.0

Description A vulnerability was found in the College Website Management System, affecting the file "/cwms/classes/Master.php?f=save contact" of the component Contact Handler. This issue leads to persistent cross-site scripting. The attack can be launched remotely and requires authentication.

Recommendations For College Website Management System version 1.0, consider disabling access to the "/cwms/classes/Master.php?f=save contact" file until a patch is available. Restrict access to the Contact Handler component to minimize the risk of exploitation. Avoid using the f parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.