Description

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.

PUBLISHED Reserved 2026-01-11 | Published 2026-01-13 | Updated 2026-02-02 | Assigner VulnCheck




MEDIUM: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
MEDIUM: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

4.4.1: affected

Credits

Vulnerability-Lab (finder)

References

www.exploit-db.com/exploits/50692 exploit

www.vulnerability-lab.com/get_content.php?id=2275 exploit

www.exploit-db.com/exploits/50692 (ExploitDB-50692) exploit

www.vulnerability-lab.com/get_content.php?id=2275 (Vulnerability Lab Advisory) vendor-advisory

www.ametys.org/...metys-platform/ametys-portal/overview.html (Official Ametys CMS Homepage) product

www.vulncheck.com/...ies/ametys-cms-cross-site-scripting-xss (VulnCheck Advisory: Ametys CMS v4.4.1 - Cross Site Scripting (XSS)) third-party-advisory

cve.org (CVE-2022-50937)

nvd.nist.gov (CVE-2022-50937)
