CVE-2025-0708

Name of the Vulnerable Software and Affected Versions fumiao opencms version 2.2

Description A vulnerability was found in the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For fumiao opencms version 2.2, as a temporary workaround, consider restricting access to the /admin/model/addOrUpdate endpoint until a patch is available. Avoid using the 模板前缀 argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.