CVE-2025-50754: n/a
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.
AI Analysis
Technical Summary
CVE-2025-50754 is a critical stored Cross-Site Scripting (XSS) vulnerability identified in Unisite CMS version 5.0, specifically within its "Report" functionality. This vulnerability allows an attacker to inject malicious JavaScript code into the report submission feature. When an administrator views the compromised report in the admin panel, the malicious script executes in the context of the administrator's browser session. This leads to session hijacking, enabling the attacker to impersonate the admin user. Leveraging this elevated access, the attacker can use the CMS's template editor to upload and execute a PHP web shell on the server. This web shell provides the attacker with full remote code execution capabilities, effectively compromising the entire server hosting the CMS. The vulnerability is characterized by a CVSS v3.1 base score of 9.6, indicating a critical severity level. The attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R) in the form of the administrator viewing the malicious report. The scope is changed (S:C), impacting confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). The root cause is a failure to properly sanitize user input in the report functionality, classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). No patches are currently linked, and no known exploits in the wild have been reported yet. However, the potential for exploitation is significant given the ability to escalate from XSS to full remote code execution.
Potential Impact
For European organizations using Unisite CMS version 5.0, this vulnerability poses a severe risk. Successful exploitation can lead to complete compromise of the CMS server, exposing sensitive organizational data, including administrative credentials and potentially customer or user data managed through the CMS. The attacker’s ability to execute arbitrary PHP code can facilitate data theft, defacement, deployment of ransomware, or use of the compromised server as a pivot point for lateral movement within the network. Given the criticality of CMS platforms in managing web content and internal workflows, disruption or compromise can result in significant reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and financial losses. The requirement for administrator interaction (viewing the malicious report) means that targeted phishing or social engineering campaigns could be used to increase exploitation likelihood. The vulnerability’s impact on confidentiality, integrity, and availability is high, making it a top priority for remediation in affected environments.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the report functionality and the admin panel to trusted administrators only, ideally via network segmentation or VPN access.
2. Implement strict input validation and output encoding on the report submission feature to prevent injection of malicious scripts.
3. Disable or restrict the template editor functionality unless absolutely necessary, and monitor its usage closely.
4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the admin panel.
5. Conduct thorough security audits and penetration testing focused on the CMS, especially the report and template editor modules.
6. Monitor logs for unusual activity, such as unexpected template edits or web shell uploads.
7. Educate administrators on the risks of interacting with untrusted content and encourage cautious behavior when reviewing reports.
8. Since no official patch is currently available, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting the report functionality.
9. Plan for rapid patch deployment once an official fix is released by the vendor.
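One way to implement the log monitoring in recommendation 6 is to flag template edits that follow a report view in the same admin session. This is an added example, not code from Unisite CMS or from this advisory. The log format, the two admin routes and the 120-second window are assumptions made for illustration, and the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed audit-log format (constructed for this example, not Unisite's own):
#   <UTC timestamp> <client IP> <session id> <METHOD> <path>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+)$")
REPORT_VIEW = "/admin/reports/"      # hypothetical route
TEMPLATE_EDIT = "/admin/templates/"  # hypothetical route
RAPID = timedelta(seconds=120)       # assumed review window

# Constructed sample log lines.
SAMPLE_LOG = """\
2025-08-04T10:00:01Z 10.0.0.5 sessA GET /admin/reports/41
2025-08-04T10:00:09Z 203.0.113.7 sessA GET /admin/dashboard
2025-08-04T10:20:15Z 203.0.113.7 sessA POST /admin/templates/footer
2025-08-04T11:30:00Z 10.0.0.8 sessB GET /admin/reports/42
2025-08-04T11:30:40Z 10.0.0.8 sessB POST /admin/templates/header
2025-08-04T12:00:00Z 10.0.0.9 sessC GET /admin/reports/43
2025-08-04T13:00:00Z 10.0.0.9 sessC POST /admin/templates/header
truncated or malformed line
"""

def find_suspicious_template_edits(log_text):
    """Flag template edits that follow a report view in the same session."""
    last_view = {}  # session id -> (time, IP) of the most recent report view
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, ip, sid, method, path = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if method == "GET" and path.startswith(REPORT_VIEW):
            last_view[sid] = (when, ip)
        elif method == "POST" and path.startswith(TEMPLATE_EDIT) and sid in last_view:
            view_time, view_ip = last_view[sid]
            if ip != view_ip:
                # Session identifier reused from a different client address.
                alerts.append((sid, path, "session-ip-change"))
            elif when - view_time <= RAPID:
                # Same client: the edit may have been driven from the admin's browser.
                alerts.append((sid, path, "edit-soon-after-report"))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_template_edits(SAMPLE_LOG):
        print(alert)
```

The second rule exists because a script running in the administrator's browser shares the administrator's IP address, so an address check alone would miss it.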
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68911ff1ad5a09ad00e325ac
Added to database: 8/4/2025, 9:02:41 PM
Last enriched: 8/12/2025, 1:03:45 AM
Last updated: 9/15/2025, 12:13:33 AM