Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-44071
CVE-2022-44071:
PHP vulnerability analysis and mitigation
Overview
Zenario CMS version 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile. The vulnerability was discovered and disclosed on October 17, 2022 (GitHub Issue).
Technical details
The vulnerability exists in the profile section of Zenario CMS, specifically in the First name and Last name fields. When malicious payload is entered in these fields and saved, the XSS payload gets stored and executed when viewing site diagnostics through the tab bar (GitHub Issue).
Impact
This stored XSS vulnerability allows attackers to execute arbitrary JavaScript code in the context of other users' browsers who view the affected page. This could lead to session hijacking, defacement, or theft of sensitive browser data (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management