CVE-2022-50940
Unknown Unknown - Not Provided
Persistent XSS in Knap PHP Login 3.1.3 Enables Session Hijacking

Publication date: 2026-02-01

Last updated on: 2026-02-03

Assigner: VulnCheck

Description
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-01
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-02-01
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50940
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
knap advanced_php_login 3.1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50940 is a persistent cross-site scripting (XSS) vulnerability in Knap Advanced PHP Login version 3.1.3. It occurs because the application improperly handles the 'name' parameter, allowing remote attackers with low privileged user accounts to inject malicious script code persistently. These scripts execute within backend modules such as the users list and activity log when viewed by administrators or moderators. This can lead to session hijacking, persistent phishing attacks, external redirects to malicious sites, and manipulation of application modules. [2, 3]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute arbitrary scripts in backend modules, potentially leading to session hijacking where attackers can take over user sessions. It also enables persistent phishing attacks by injecting malicious scripts that can deceive users or administrators. Additionally, attackers can redirect users to malicious external sites and manipulate application modules, compromising the integrity and security of the system. [2, 3]

Detection Guidance

This vulnerability can be detected by testing the 'name' parameter in the Profile Account - Account Information module for persistent cross-site scripting (XSS) via POST requests during user creation or update. You can attempt to inject a harmless script payload into the 'name' field and then check if the script executes in the users list or activity log backend modules. Detection involves submitting a payload in the 'name' parameter and verifying if it is stored and executed persistently. Specific commands are not provided, but manual testing with tools like curl or web proxies to send POST requests with script payloads to the 'name' parameter can be used. [3]

Mitigation Strategies

Immediate mitigation steps include: 1) Restricting the 'name' input to disallow special characters during user registration and updates. 2) Encoding and escaping the 'name' parameter to sanitize inputs. 3) Sanitizing and filtering outputs in the users and activity log backend modules to prevent script execution. These steps help prevent malicious script injection and execution in backend modules. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50940. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart