CVE-2022-1816

Name of the Vulnerable Software and Affected Versions Zoo Management System version 1.0

Description A problematic issue has been found in the Zoo Management System, affecting the /zoo/admin/public html/view accounts?type=zookeeper endpoint of the content module. The manipulation of the admin name argument with the input <script>alert(1)</script> leads to an authenticated cross-site scripting issue. Exploit details have been disclosed to the public.

Recommendations For Zoo Management System version 1.0, as a temporary workaround, consider restricting access to the /zoo/admin/public html/view accounts?type=zookeeper endpoint until a patch is available. Avoid using the admin name argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.