PT-2022-27310 · Unknown · Appalti & Contratti

Published: 2022-11-21 · Updated: 2025-04-29 · CVE-2022-44787

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Appalti & Contratti version 9.12.2

Description

The web application is vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. For example, the onmouseenter attribute is not sanitized.

Recommendations

For Appalti & Contratti version 9.12.2, consider disabling the reflection of the idPagina parameter in the server response, or ensure that the value is properly HTML-encoded before it is written into the page, to prevent XSS attacks. As a temporary workaround, restrict access to the affected web application until a patch is available.
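
The encoding recommendation above, as an added example that is not code from the advisory or from Appalti & Contratti: it reflects a value into an attribute with and without HTML encoding, then parses the result to check which attributes the element ends up with. The template, the identifier format and the sample value are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical markup: the advisory does not show where idPagina lands in the page.
TEMPLATE = '<div id="page" data-id-pagina="{value}">content</div>'

# Assumed identifier format (not from the advisory); tighten to the real one.
ID_PAGINA_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed test value: closes the attribute and adds an event-handler attribute.
SAMPLE = 'x" onmouseenter="probe()'


def render_unencoded(id_pagina: str) -> str:
    """'Before' form: the parameter is reflected verbatim."""
    return TEMPLATE.format(value=id_pagina)


def render_encoded(id_pagina: str) -> str:
    """Hardened form: &, <, > and both quote characters become character references."""
    return TEMPLATE.format(value=html.escape(id_pagina, quote=True))


def is_valid_id_pagina(id_pagina: str) -> bool:
    """Allow-list check to run before the value is used at all."""
    return ID_PAGINA_RE.fullmatch(id_pagina) is not None


class _FirstTagAttrs(HTMLParser):
    """Records the attribute names an HTML parser sees on the first tag."""

    def __init__(self):
        super().__init__()
        self.names = None

    def handle_starttag(self, tag, attrs):
        if self.names is None:
            self.names = [name for name, _ in attrs]


def attribute_names(markup: str) -> list:
    parser = _FirstTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names or []


if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        print(render.__name__, attribute_names(render(SAMPLE)))
```

The same `attribute_names` comparison works as a regression test against real responses once the fix is deployed: the reflected element should carry only the attributes the template defines.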

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-44787

Affected Products

Appalti & Contratti