Public CVE-2022-29648 disclosure

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.