CVE-2022-50940

Sažetak

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.

Reference

https://laravel-vuejs.com/
https://www.vulncheck.com/advisories/knap-advanced-php-login-persistent-cross-site-scripting-via-name-parameter
https://www.vulnerability-lab.com/get_content.php?id=2307
https://www.vulnerability-lab.com/get_content.php?id=2307

CVSS

Base:	6.4
Impact:	2.7
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

03-02-2026 - 17:15

Objavljeno

01-02-2026 - 13:15