CVE-2022-45051

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
04/01/2023
Last modified:
11/01/2023

Description

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:axiell:iguana:*:*:*:*:*:*:*:* 4.0.0 (including) 4.5.02 (excluding)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*