CVE-2025-2366

Name of the Vulnerable Software and Affected Versions gougucms version 4.08.18

Description A problematic issue was found in the Add Department Page component, specifically affecting the add function of the /admin/department/add file. The manipulation of the title argument leads to cross-site scripting. This issue can be initiated remotely. The exploit has been publicly disclosed.

Recommendations For gougucms version 4.08.18, as a temporary workaround, consider restricting access to the /admin/department/add endpoint or disabling the add function until a patch is available. Avoid using the title argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.