CVE-2022-33075

MEDIUM

Zoo Management System 1.0 - Stored Cross-Site Scripting in Add Classification Function

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-33075. PoCs published by angelopioamirante.

AI-analyzed exploit summary: This repository provides a functional proof-of-concept for a stored XSS vulnerability in Zoo Management System 1.0, where malicious scripts can be injected via the 'Add Classification' functionality in the admin panel. The exploit involves injecting a script payload into either the 'Classification Display Name' or 'Classification Table Name' fields, which then executes when viewed.

Description

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.

Exploits (1)

nomisec WORKING POC
by angelopioamirante · poc
https://github.com/angelopioamirante/CVE-2022-33075

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Zoo Management System 1.0
Auth required
Prerequisites: Access to admin panel · Valid admin credentials
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Product x_refsource_misc
http://sourcecodester.com
Not Applicable x_refsource_misc
http://zoo.com

Scores

CVSS v3 5.4
EPSS 0.0068
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
phpgurukul/zoo_management_system 1.0
Published Jul 05, 2022
Tracked Since Feb 18, 2026