CVE-2022-44787: n/a in n/a
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized.
AI Analysis
Technical Summary
CVE-2022-44787 is a reflected Cross-Site Scripting (XSS) vulnerability in the web application Appalti & Contratti version 9.12.2. The vulnerability arises because the application reflects the 'idPagina' parameter directly into the server response without applying any HTML encoding or sanitization. Specifically, the reflected value can introduce an HTML attribute such as 'onmouseenter', whose handler the browser executes when a user moves the mouse pointer over the affected element. This missing output encoding allows an attacker to inject JavaScript that executes in the context of the victim's browser session. The vulnerability is classified under CWE-79, improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates that the attack can be launched remotely over the network with low attack complexity and no privileges, but requires user interaction (mouse movement). The vulnerability impacts confidentiality and integrity: injected script could steal session tokens, manipulate page content, or perform actions on behalf of the user. There is no indication of known exploits in the wild or of an available patch at the time of publication. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component, such as user data or other parts of the application.
Potential Impact
For European organizations using Appalti & Contratti 9.12.2, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data. Since the application is related to contract and procurement management (as suggested by the product name), exploitation could lead to unauthorized disclosure of sensitive procurement information or manipulation of contract data. The reflected XSS could be leveraged by attackers to perform session hijacking, phishing, or delivering further malware payloads within the affected organization's network. This is particularly concerning for public sector entities and enterprises handling sensitive or regulated procurement processes. The requirement for user interaction (mouse movement) slightly reduces the risk but does not eliminate it, especially if attackers can craft convincing social engineering campaigns. The vulnerability does not impact availability directly but could indirectly affect trust and operational integrity. Given the medium severity and lack of known exploits, the immediate risk is moderate; however, the potential for targeted attacks against high-value European organizations remains significant.
Mitigation Recommendations
1. Immediate mitigation should include implementing proper input validation and output encoding on the 'idPagina' parameter to neutralize any embedded scripts, specifically encoding special characters in HTML attributes.
2. If source code modification is not immediately possible, deploying a Web Application Firewall (WAF) with custom rules to detect and block suspicious payloads targeting the 'idPagina' parameter can reduce exposure.
3. Educate users about the risk of interacting with untrusted links or emails that could trigger the XSS payload, emphasizing caution with unexpected URLs.
4. Monitor web server logs and application behavior for unusual requests or error patterns that may indicate attempted exploitation.
5. Coordinate with the vendor or development team to obtain or develop a security patch or upgrade to a fixed version as soon as it becomes available.
6. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks.
7. Conduct regular security assessments and penetration testing focusing on input validation and client-side script execution to identify similar vulnerabilities.
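An added example, not code from the advisory or the vendor, showing recommendations 1 and 4 in Python: a hypothetical template that reflects idPagina into an attribute, the attribute-context encoding that keeps the value inert, an allow-list check for the parameter, and the same check run over constructed access-log lines. The template markup, function names and log lines are assumptions, not the real application's.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
# Hypothetical template standing in for the page that echoes idPagina into an
# attribute; the real Appalti & Contratti markup is not on the advisory page.
def render_vulnerable(id_pagina: str) -> str:
    """Reflects the raw value: a quote closes the attribute and the rest becomes markup."""
    return f'<div id="pagina" data-id="{id_pagina}">...</div>'

def render_hardened(id_pagina: str) -> str:
    """Attribute-context output encoding (recommendation 1): quote=True turns
    & < > " ' into entities, so the value can never leave the attribute."""
    return f'<div id="pagina" data-id="{html.escape(id_pagina, quote=True)}">...</div>'

def validate_id_pagina(id_pagina: str) -> bool:
    """Allow-list validation: a page id is a short numeric identifier."""
    return re.fullmatch(r"[0-9]{1,9}", id_pagina) is not None

class _AttrCollector(HTMLParser):
    """Collects the attribute names a browser would actually see."""
    def __init__(self):
        super().__init__()
        self.names = []
    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def event_handler_attrs(markup: str) -> list:
    """Names of on* attributes present in the markup; empty when the value stayed inert."""
    parser = _AttrCollector()
    parser.feed(markup)
    return sorted(n for n in parser.names if n.startswith("on"))

def suspicious_requests(access_log: str) -> list:
    """Recommendation 4: idPagina values in the log that fail the allow-list."""
    hits = []
    for line in access_log.splitlines():
        request = line.split('"')[1]  # e.g. GET /page?idPagina=12 HTTP/1.1
        query = urlparse(request.split()[1]).query
        for value in parse_qs(query).get("idPagina", []):
            if not validate_id_pagina(value):
                hits.append(value)
    return hits

# Constructed sample log lines (not from the advisory): one benign, one hostile.
SAMPLE_LOG = (
    '10.0.0.1 - - [21/May/2025:09:09:16 +0000] "GET /page?idPagina=12 HTTP/1.1" 200 512\n'
    '10.0.0.2 - - [21/May/2025:09:10:02 +0000] "GET /page?idPagina=%22%20onmouseenter%3D%22x HTTP/1.1" 200 512\n'
)
```

Parsing the rendered markup rather than grepping it is what makes the check meaningful: the encoded output still contains the text onmouseenter, but no browser will see it as an attribute.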
Affected Countries
Italy, Germany, France, Spain, Belgium, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-07T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbeeaca
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 6/25/2025, 1:34:44 AM
Last updated: 7/25/2025, 5:59:48 PM
Related Threats
- CVE-2025-1500: CWE-434 Unrestricted Upload of File with Dangerous Type in IBM Maximo Application Suite (Medium)
- CVE-2025-1403: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK (High)
- CVE-2025-0161: CWE-94 Improper Control of Generation of Code ('Code Injection') in IBM Security Verify Access (High)
- CVE-2025-8866: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in YugabyteDB Inc YugabyteDB Anywhere (Medium)
- CVE-2025-45146: n/a (Critical)