CVE-2022-50937
Persistent XSS in Ametys CMS Link Directory Enables Session Hijacking
Publication date: 2026-01-13
Last updated on: 2026-02-02
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ametys | cms | 4.4.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50937 is a persistent cross-site scripting (XSS) vulnerability in Ametys CMS version 4.4.1, specifically in the input fields for adding external links in the link directory module. Attackers with low user privileges can inject malicious JavaScript code into fields such as 'Link Text,' 'Small Description,' and 'Description' via HTTP POST requests. Because the application does not properly validate, parse, encode, or sanitize these inputs on submission or rendering, the malicious scripts persist and execute whenever the links are viewed in both backend and frontend interfaces. This allows attackers to perform persistent attacks like session hijacking, phishing, unauthorized redirects, and manipulation of application modules. [1, 2, 4]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute persistent malicious scripts within the Ametys CMS environment. This can lead to session hijacking, where attackers steal user sessions; persistent phishing attacks; unauthorized external redirects to malicious websites; and manipulation of application modules. These impacts compromise user security and the integrity of the application, potentially leading to unauthorized access and data exposure. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject malicious script payloads into the 'Link Text,' 'Small Description,' and 'Description' input fields of the add external link function in the Ametys CMS link directory module. Detection involves submitting crafted HTTP POST requests containing JavaScript payloads to these fields and then verifying if the scripts persist and execute when viewing the link directory in both backend and frontend interfaces. For example, you can use curl commands to POST data with payloads such as `<a onmouseover=alert(document.domain)>poc_link</a>` to the add external link endpoint and then check if the payload executes upon rendering. Specific commands might look like: `curl -X POST -d 'linkText=<a onmouseover=alert(document.domain)>poc_link</a>&smallDescription=test&description=test' https://your-ametys-site/path-to-add-link`. Monitoring HTTP traffic for such POST requests and responses containing unsanitized script tags can also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include securely parsing and encoding all input fields in the add external link function, specifically the 'Link Text,' 'Small Description,' and 'Description' fields, to prevent injection of malicious scripts. Restrict special characters in these inputs and properly sanitize outputs wherever the links are displayed in both frontend and backend components. Additionally, restrict user privileges to limit who can add external links, and apply any available patches or updates from the vendor addressing this vulnerability. Monitoring and filtering HTTP POST requests to the add external link function for suspicious payloads can also help reduce risk until a fix is applied. [1, 2, 4]
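The two defensive measures described above (filtering POST requests to the add external link function and encoding the three fields on output) are sketched below as an added example; it is not code from Ametys or from the advisory. The parameter names `linkText`, `smallDescription` and `description` are assumptions taken from the illustrative curl command on this page, the HTML template is hypothetical, and the request bodies are constructed samples.

```python
import html
import re
from urllib.parse import parse_qs

# Assumed parameter names, taken from the page's illustrative curl command.
FIELDS = ("linkText", "smallDescription", "description")

# Heuristic for markup that has no place in a plain-text link field:
# a tag opener, an inline event-handler attribute, or a javascript: URI.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)


def flag_fields(post_body: str) -> dict:
    """Return {field: decoded value} for watched fields that carry markup."""
    params = parse_qs(post_body, keep_blank_values=True)
    hits = {}
    for name in FIELDS:
        for value in params.get(name, []):
            if SUSPICIOUS.search(value):
                hits[name] = value
    return hits


def render_link(link_text: str, small_description: str, description: str) -> str:
    """Encode every stored value at output time so it renders as inert text."""
    # Hypothetical template; the point is that each value passes html.escape.
    return (
        f'<li><span class="link-text">{html.escape(link_text, quote=True)}</span> '
        f'<span class="small">{html.escape(small_description, quote=True)}</span>'
        f"<p>{html.escape(description, quote=True)}</p></li>"
    )


# Constructed sample request bodies (not captured traffic).
SAMPLE_BODIES = [
    "linkText=Docs&smallDescription=Manual&description=Product+manual",
    "linkText=%3Ca+onmouseover%3Dalert(document.domain)%3Epoc_link%3C%2Fa%3E"
    "&smallDescription=test&description=test",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        hits = flag_fields(body)
        print("FLAG" if hits else "ok", hits)
    stored = flag_fields(SAMPLE_BODIES[1])["linkText"]
    print(render_link(stored, "test", "test"))
```

The pattern check is a monitoring heuristic and can be bypassed or produce false positives; the output encoding in `render_link` is the control that neutralizes a stored payload regardless of how it was submitted.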