CVE-2022-25410

Name of the Vulnerable Software and Affected Versions Maxsite CMS version v180

Description A stored cross-site scripting (XSS) issue was found in Maxsite CMS. The vulnerability is exploited via the f file description parameter at the "/admin/files" API endpoint. This allows for malicious scripts to be stored and executed, potentially leading to unauthorized actions on the affected system.

Recommendations For Maxsite CMS version v180, as a temporary workaround, consider restricting access to the /admin/files API endpoint until a patch is available. Avoid using the f file description parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.