CVE-2022-45051
Reflected POST XSS in Axiell Iguana CMS
| CVE | CVE-2022-45051 |
| Title | Reflected POST XSS in Axiell Iguana CMS |
| Credits | |
| Affected products | |
| CVSS | Base score: 6.1 (MEDIUM) |
| References | |
| Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Date published | |
| Last modified | 06 Jan 2023 15:18 UTC |
Description
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.
Solution(s)
Upgrade to the latest version of Iguana CMS.