CVE-2022-41472

Name of the Vulnerable Software and Affected Versions 74cmsSE version 3.12.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint.

Recommendations For 74cmsSE version 3.12.0, consider disabling access to the /api/admin/notice/add API endpoint until a patch is available to prevent exploitation. Avoid using the Title field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.