CVE-2024-6932

Name of the Vulnerable Software and Affected Versions ClassCMS version 4.5

Description A vulnerability has been found in an unknown functionality of the file "/admin/?action=home&do=shop:index&keyword=&kind=all". The manipulation of the order argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations For ClassCMS version 4.5, as a temporary workaround, consider restricting access to the "/admin/?action=home&do=shop:index&keyword=&kind=all" endpoint until a patch is available. Avoid manipulating the argument order in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.