CVE-2022-50937

MEDIUM

Ametys CMS 4.4.1 - Stored Cross-Site Scripting in Link Directory Input Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50937. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a proof-of-concept for a persistent XSS vulnerability in Ametys CMS v4.4.1. The exploit demonstrates how an attacker with low privileges can inject malicious script code into the 'Link Text', 'Small description', and 'Description' fields of the 'Add External Link' function, leading to script execution when the link directory is viewed.

Description

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsjava

https://www.exploit-db.com/exploits/50692

View Code ZIP pw:eip

This is a proof-of-concept for a persistent XSS vulnerability in Ametys CMS v4.4.1. The exploit demonstrates how an attacker with low privileges can inject malicious script code into the 'Link Text', 'Small description', and 'Description' fields of the 'Add External Link' function, leading to script execution when the link directory is viewed.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Ametys CMS v4.4.1

Auth required

Prerequisites: Low-privileged user account in Ametys CMS · Access to the 'Add External Link' function

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/50692

Exploit, Third Party Advisory vendor-advisory

https://www.vulnerability-lab.com/get_content.php?id=2275

Product product

https://www.ametys.org/community/en/ametys-platform/ametys-portal/overview.html

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ametys-cms-cross-site-scripting-xss

Scores

CVSS v3 6.1

EPSS 0.0026

EPSS Percentile 17.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

ametys/ametys 4.4.1

Ametys/Ametys CMS 4.4.1

Published Jan 13, 2026

Tracked Since Feb 18, 2026