CVE-2022-50937 MEDIUM

CVE-2022-50937: Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Vendor Ametys

Product Ametys CMS

Weakness CWE-79 · XSS

Published January 13, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.

Key dates

02Disclosure timeline

January 13, 2026 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-50937 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-26143 Rails Possible XSS Vulnerability in Action Controller CVE-2026-7230 SourceCodester Safety Anger Pad cross site scripting CVE-2023-33311 WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) CVE-2020-3599 Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability CVE-2025-28929 WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability