Vulnerability Description
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://laravel-vuejs.com/
- https://www.vulncheck.com/advisories/knap-advanced-php-login-persistent-cross-si
- https://www.vulnerability-lab.com/get_content.php?id=2307
- https://www.vulnerability-lab.com/get_content.php?id=2307
FAQ
What is CVE-2022-50940?
CVE-2022-50940 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vul...
How severe is CVE-2022-50940?
CVE-2022-50940 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50940?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.