Medium severity6.1NVD Advisory· Published Nov 21, 2022· Updated Jun 17, 2026
CVE-2022-44787
CVE-2022-44787
Description
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized.
Affected products
2- Appalti & Contratti/Appalti & Contrattidescription
- Range: =9.12.2
Patches
Vulnerability mechanics
References
1- members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.