CVE-2022-50896

Name of the Vulnerable Software and Affected Versions Testa version 3.5.1

Description The software contains a reflected cross-site scripting issue in the login.php file. Specifically, the redirect parameter is susceptible to malicious script injection. An attacker can craft a specially encoded payload within this parameter to execute arbitrary JavaScript code in a victim’s browser. The vulnerable API endpoint is /login.php and the vulnerable parameter is redirect.

Recommendations Apply any available updates to address the issue in Testa version 3.5.1.