CVE-2022-50896

MEDIUM

Testa 3.5.1 - XSS

Title source: llm

Description

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context.

Exploits (1)

exploitdb WORKING POC

by Ashkan Moghaddas · textwebappsphp

https://www.exploit-db.com/exploits/51023

View Code ZIP pw:eip

References (3)

[Various Sources] https://web.archive.org/web/20220406031253/https://testa.cc/

[Third Party Advisory] https://www.vulncheck.com/advisories/testa-online-test-management-system-reflected-cross-site-scripting-xss

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51023

Scores

CVSS v3 6.1

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

Testa/Testa 3.5.1

Published Jan 13, 2026

Tracked Since Feb 18, 2026