CVE-2022-44870

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions maccms10 version 2022.1000.3032

Description A reflected cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

Recommendations For maccms10 version 2022.1000.3032, avoid using the Name parameter in the AD Management module until a fix is available. As a temporary workaround, consider restricting access to the AD Management module to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-44870

Affected Products

Maccms10

CVE-2022-44870

Weakness Enumeration

Related Identifiers

Affected Products

References · 5