PT-2026-2413 · Unknown · Ametys Cms
Vulnerability-Lab · Published 2026-01-13 · Updated 2026-02-02 · CVE-2022-50937
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Ametys CMS version 4.4.1
Description
Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions, leading to persistent attacks that can compromise user sessions and manipulate application modules. The issue allows for the execution of malicious scripts when users access the affected links.
Recommendations
Update Ametys CMS to a version that addresses this issue. As a temporary workaround, sanitize all input data for external links in the link directory to prevent the injection of malicious scripts.
Exploit
Fix
XSS
Affected Products
Ametys Cms