CVE-2022-50952
Description
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Banco Guayaquil 8.0.0 iOS app has a persistent XSS vulnerability in the profile name field, allowing script injection via POST request without user interaction.
Vulnerability
Description: The Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting (XSS) vulnerability in the TextBox Name Profile input field. The application fails to properly sanitize user-supplied input, allowing an attacker to inject malicious script code that executes within the application's review context [1][3]. This is a classic case of improper neutralization of input during web page generation (CWE-79) [3].
Exploitation: An attacker with restricted authentication (user privileges) can inject malicious script code through a POST request to the profile name endpoint. The vulnerability is exploitable without requiring user interaction, meaning the injected script executes automatically when the application reviews the profile data [1][3]. The attack vector is network-based, with low attack complexity and low privileges required [3].
Impact: Successful exploitation allows an attacker to execute arbitrary script code within the application's review interface, potentially leading to data theft, session hijacking, or other client-side attacks. The CVSS v4 vector indicates limited impact to confidentiality and integrity, with no impact to availability [3]. The vulnerability is rated as Medium severity (CVSS v3 6.4) [CVE header].
Mitigation: The vulnerability was publicly disclosed on January 21, 2022, and affects Banco Guayaquil version 8.0.0 [1]. Users should update to a patched version if available. As of the publication date, no official patch has been confirmed, and the application remains available on the App Store [2]. Users are advised to monitor vendor updates and apply security patches promptly.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: = 8.0.0
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.