CVE-2022-27308
MEDIUM
PHProjekt PhpSimplyGest 1.3.0 - Stored Cross-Site Scripting via Project Title
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-27308. PoCs published by Andrea Intilangelo.
AI-analyzed exploit summary
This exploit demonstrates a stored XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0. The PoC involves injecting malicious JavaScript into the title field of a project, which executes when the page is loaded.
Description
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
Exploits (1)
exploitdb
WORKING POC
by Andrea Intilangelo · text · webapps · php
https://www.exploit-db.com/exploits/50922
Classification
Working PoC 100%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target:
PHProjekt PhpSimplyGest v1.3.0
Auth required
Prerequisites:
Access to create or edit a project in the application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://github.com/robyfofo/PhpSimplyGest
Broken Link x_refsource_misc
http://phprojekt.altervista.org/phpsimplygest130/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166966/PHProjekt-PhpSimplyGest-MyProjects-1.3.0-Cross-Site-Scripting.html
Scores
CVSS v3
5.4
EPSS
0.0246
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
phprojekt_phpsimplygest_project/phprojekt_phpsimplygest
1.3.0
Published
May 09, 2022
Tracked Since
Feb 18, 2026