CVE-2025-14244 is a cross-site scripting vulnerability identified in GreenCMS version 2.3.0603, affecting the Menu Management Page component within the /Admin/Controller/CustomController.class.php file. The vulnerability stems from insufficient sanitization of the 'Link' parameter, which attackers can manipulate to inject malicious JavaScript code. This flaw allows remote attackers to craft URLs or inputs that, when processed by the vulnerable CMS, execute arbitrary scripts in the context of the victim's browser. The attack vector does not require authentication but does require user interaction, such as clicking a malicious link or visiting a compromised page. The vulnerability has a CVSS 4.8 (medium) score, reflecting moderate impact with low complexity of attack but requiring user interaction and some privileges. Notably, the affected GreenCMS version is no longer supported, meaning no official patches or updates are available, increasing exposure risk. Although no active exploitation has been reported, the public availability of exploit code heightens the threat landscape. The vulnerability primarily threatens confidentiality and integrity by enabling session hijacking, credential theft, or unauthorized actions performed under the victim's session. Availability impact is minimal. The lack of vendor support necessitates alternative mitigation strategies such as web application firewalls or manual code fixes. Organizations relying on GreenCMS 2.3.0603 should prioritize risk assessment and remediation to prevent exploitation.

For European organizations, this vulnerability poses a moderate risk primarily to web applications running GreenCMS 2.3.0603. Successful exploitation can lead to session hijacking, theft of sensitive user data, unauthorized actions performed on behalf of users, and potential website defacement. This can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR breaches if personal data is compromised), and disrupt business operations. Since the affected CMS version is unsupported, organizations cannot rely on vendor patches, increasing the likelihood of prolonged exposure. Attackers could leverage this vulnerability to target administrative users, amplifying the potential damage. The requirement for user interaction limits automated mass exploitation but targeted phishing or social engineering campaigns could be effective. European entities with public-facing websites using GreenCMS are at risk, especially those in sectors with high web presence such as government, education, and SMEs. The impact is compounded by the potential for lateral movement if attackers gain administrative access through XSS-facilitated session hijacking.

Given the lack of official patches for GreenCMS 2.3.0603, European organizations should consider the following specific mitigations: 1) Migrate to a supported CMS platform or upgrade to a version without this vulnerability if available. 2) Implement strict input validation and output encoding on the 'Link' parameter and other user-controllable inputs to neutralize malicious scripts. 3) Deploy a web application firewall (WAF) with rules to detect and block XSS payloads targeting the vulnerable endpoint. 4) Conduct regular security audits and penetration tests focusing on web application vulnerabilities. 5) Educate users and administrators about phishing risks and safe browsing practices to reduce successful user interaction exploitation. 6) Restrict administrative access to trusted networks or via VPN to minimize exposure. 7) Monitor logs for suspicious activity related to the vulnerable component. 8) If feasible, apply manual code review and patching to sanitize inputs in the affected controller file. These steps collectively reduce the risk of exploitation despite the absence of vendor support.