PT-2024-38834 · Classcms · Classcms

Acmglz · Published 2024-08-24 · Updated 2024-09-18 · CVE-2024-8145

CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8
Description: A vulnerability has been found in ClassCMS, affecting unknown functionality of the file /index.php/admin in the Article Handler component. Manipulating the Title argument leads to basic cross-site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be used.
Recommendations: For ClassCMS version 4.8, upgrade to version 4.9 to mitigate risks. As a temporary workaround, consider restricting access to the /index.php/admin endpoint and the Title argument in the Article Handler component until the issue is resolved. Monitor for updates and apply patches as they become available.

Exploit · Fix · XSS

Related Identifiers: CVE-2024-8145

Affected Products: Classcms