PT-2026-39482 · Unknown · Avatar Uploader

·

CVE-2022-50957

·

Published

2026-05-10

·

Updated

2026-05-10

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions avatar uploader version 7.x-1.0-beta8
Description A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs containing script payloads in the file parameter of 'avatar uploader.pages.inc' to execute arbitrary JavaScript in the browsers of victims.
Recommendations As a temporary workaround, avoid using the file parameter in the 'avatar uploader.pages.inc' component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2022-50957

Affected Products

Avatar Uploader