CVE-2022-31897
MEDIUMZoo Management System 1.0 - Cross-Site Scripting via Register Visitor Message Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-31897. PoCs published by angelopioamirante.
AI-analyzed exploit summary This repository contains a proof-of-concept for a reflected XSS vulnerability in Zoo Management System 1.0. The exploit demonstrates how an attacker can inject malicious JavaScript via the 'msg' parameter in the registration page URL.
Description
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
Exploits (1)
nomisec
WORKING POC
by angelopioamirante · poc
https://github.com/angelopioamirante/CVE-2022-31897
This repository contains a proof-of-concept for a reflected XSS vulnerability in Zoo Management System 1.0. The exploit demonstrates how an attacker can inject malicious JavaScript via the 'msg' parameter in the registration page URL.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Zoo Management System 1.0
No auth needed
Prerequisites:
Access to the target application's registration page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://sourcecodester.com
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
Scores
CVSS v3
6.1
EPSS
0.0078
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
phpgurukul/zoo_management_system
1.0
Published
Jun 29, 2022
Tracked Since
Feb 18, 2026