
CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS

CVE: CVE-2022-45050
Discovered by: Amr Al Hallak
Credits
Affected products
Product Affected Unaffected Unknown
Axiell Iguana on Windows, Linux >= semver 4 to < 4.5.02
everything else
Page author: Max van der Horst
CVSS: Base score 6.1 (MEDIUM)
References: https://csirt.divd.nl/CVE-2022-45050/
Problem type(s): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution(s): Upgrade to the latest version of Iguana CMS.
Last modified: 04 Jan 2023 16:28

Description

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim’s browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.
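
For triage on instances that have not yet been upgraded, the following added example (not part of the original advisory and not Axiell code) scans web server access logs for requests to twitter.php whose title parameter carries HTML markup characters. The combined log format, the /PLACEHOLDER/ path prefix, the sample lines and the markup heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format); hosts and paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jan/2023:10:00:01 +0000] "GET /PLACEHOLDER/twitter.php?title=Library+news HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/Jan/2023:10:00:05 +0000] "GET /PLACEHOLDER/twitter.php?title=%3Cb%3Ebold%3C%2Fb%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [04/Jan/2023:10:00:09 +0000] "GET /PLACEHOLDER/twitter.php?title=%253Ci%253Ex%253C%252Fi%253E HTTP/1.1" 200 530',
    '198.51.100.4 - - [04/Jan/2023:10:01:00 +0000] "GET /PLACEHOLDER/other.php?title=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): characters that must be encoded before reflection into HTML.
MARKUP_RE = re.compile(r'[<>"]')


def title_values(request_target):
    """Return the decoded title parameter values if the request hits twitter.php."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/twitter.php"):
        return []
    return parse_qs(parts.query, keep_blank_values=True).get("title", [])


def fully_decoded(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded_title) for every request worth reviewing."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for raw in title_values(match.group(1)):
            value = fully_decoded(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, title in suspicious_requests(SAMPLE_LOG):
        print(f"review: {ip} sent title={title!r}")
```

Access logs only record the query string, so a title value sent in a POST body would not be visible to this check.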

