PT-2026-5569 · Unknown · Inciga Web
Published: 2022-01-01 · Updated: 2026-02-01
CVE-2022-50942
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Inciga Web version 2.8.2
Description
The software contains a client-side cross-site scripting issue that allows remote attackers to inject malicious script code through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent() method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the icinga.min.js file.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Inciga Web