CVE-2022-25582

Name of the Vulnerable Software and Affected Versions ClassCMS versions 2.5 and below

Description A stored cross-site scripting (XSS) issue in the Column module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field. This enables the execution of malicious code on the web application.

Recommendations For ClassCMS versions 2.5 and below, update to a version above 2.5 to resolve the issue. As a temporary workaround, consider restricting access to the Column module and the Add Articles field to minimize the risk of exploitation.