CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
CVE | CVE-2022-45050
Discovered by |
Credits |
Affected products |
Page author | Max van der Horst
CVSS | Base score: 6.1 (MEDIUM)
References | https://csirt.divd.nl/CVE-2022-45050/
Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution(s) | Upgrade to the latest version of Iguana CMS.
Last modified | 04 Jan 2023 16:28
Description
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim’s browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.
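
As an added example (not part of the advisory and not Axiell's code), this Python sketch shows one way to review web server access logs for requests to twitter.php whose title parameter carries HTML markup, including double-encoded values. It assumes combined-format access logs and that the endpoint path ends in /twitter.php; the log lines, IP addresses and helper names are constructed for illustration, and the pattern is a heuristic that can flag legitimate titles containing quotes.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and patterns a plain-text title should not need, but which are
# required to break out of HTML element or attribute context.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_title(log_line):
    """Return the decoded title value if the line is a request to
    twitter.php whose title parameter carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/twitter.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("title", []):
        title = fully_decode(raw)
        if MARKUP_RE.search(title):
            return title
    return None

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Jan/2023:10:00:01 +0000] "GET /twitter.php?title=Library+news HTTP/1.1" 200 512',
    '198.51.100.9 - - [04/Jan/2023:10:00:05 +0000] "GET /twitter.php?title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '198.51.100.9 - - [04/Jan/2023:10:00:09 +0000] "GET /twitter.php?title=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 538',
    '198.51.100.4 - - [04/Jan/2023:10:00:12 +0000] "GET /index.php?title=%3Cb%3E HTTP/1.1" 200 100',
]

def scan(lines):
    """Return (line index, decoded title) for every flagged log line."""
    return [(i, t) for i, line in enumerate(lines) if (t := suspicious_title(line))]

if __name__ == "__main__":
    for index, title in scan(SAMPLE_LOG):
        print(f"line {index}: title={title!r}")
```

Hits from before the upgrade are candidates for follow-up with the users who may have opened those links; hits after the upgrade indicate continued probing rather than successful script execution.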