CVE-2022-50940
Persistent XSS in Knap PHP Login 3.1.3 Enables Session Hijacking
Publication date: 2026-02-01
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| knap | advanced_php_login | 3.1.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50940 is a persistent cross-site scripting (XSS) vulnerability in Knap Advanced PHP Login version 3.1.3. It occurs because the application improperly handles the 'name' parameter, allowing remote attackers with low privileged user accounts to inject malicious script code persistently. These scripts execute within backend modules such as the users list and activity log when viewed by administrators or moderators. This can lead to session hijacking, persistent phishing attacks, external redirects to malicious sites, and manipulation of application modules. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary scripts in backend modules, potentially leading to session hijacking where attackers can take over user sessions. It also enables persistent phishing attacks by injecting malicious scripts that can deceive users or administrators. Additionally, attackers can redirect users to malicious external sites and manipulate application modules, compromising the integrity and security of the system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'name' parameter in the Profile Account - Account Information module for persistent cross-site scripting (XSS) via POST requests during user creation or update. You can attempt to inject a harmless script payload into the 'name' field and then check if the script executes in the users list or activity log backend modules. Detection involves submitting a payload in the 'name' parameter and verifying if it is stored and executed persistently. Specific commands are not provided, but manual testing with tools like curl or web proxies to send POST requests with script payloads to the 'name' parameter can be used. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restricting the 'name' input to disallow special characters during user registration and updates. 2) Encoding and escaping the 'name' parameter to sanitize inputs. 3) Sanitizing and filtering outputs in the users and activity log backend modules to prevent script execution. These steps help prevent malicious script injection and execution in backend modules. [3]