CVE-2022-50940

Description

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.

References

https://www.vulnerability-lab.com/get_content.php?id=2307

https://www.vulncheck.com/advisories/knap-advanced-php-login-persistent-cross-site-scripting-via-name-parameter

https://laravel-vuejs.com/

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

CVSS v4