CVE-2022-44787 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the web application Appalti & Contratti version 9.12.2. The vulnerability arises because the application reflects the 'idPagina' parameter directly in the server response without applying any HTML encoding or sanitization. Specifically, the parameter's value is embedded in an attribute such as 'onmouseenter' within the HTML, which is executed when a user moves their mouse pointer over the affected element. This lack of input validation allows an attacker to inject malicious JavaScript code that executes in the context of the victim's browser session. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates that the attack can be launched remotely over the network with low attack complexity, requires no privileges, but does require user interaction (mouse movement). The vulnerability impacts confidentiality and integrity by allowing script execution that could steal session tokens, manipulate page content, or perform actions on behalf of the user. There is no indication of any known exploits in the wild or available patches at the time of publication. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component, such as user data or other parts of the application.

For European organizations using Appalti & Contratti 9.12.2, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data. Since the application is related to contract and procurement management (as suggested by the product name), exploitation could lead to unauthorized disclosure of sensitive procurement information or manipulation of contract data. The reflected XSS could be leveraged by attackers to perform session hijacking, phishing, or delivering further malware payloads within the affected organization's network. This is particularly concerning for public sector entities and enterprises handling sensitive or regulated procurement processes. The requirement for user interaction (mouse movement) slightly reduces the risk but does not eliminate it, especially if attackers can craft convincing social engineering campaigns. The vulnerability does not impact availability directly but could indirectly affect trust and operational integrity. Given the medium severity and lack of known exploits, the immediate risk is moderate; however, the potential for targeted attacks against high-value European organizations remains significant.

1. Immediate mitigation should include implementing proper input validation and output encoding on the 'idPagina' parameter to neutralize any embedded scripts, specifically encoding special characters in HTML attributes. 2. If source code modification is not immediately possible, deploying a Web Application Firewall (WAF) with custom rules to detect and block suspicious payloads targeting the 'idPagina' parameter can reduce exposure. 3. Educate users about the risk of interacting with untrusted links or emails that could trigger the XSS payload, emphasizing caution with unexpected URLs. 4. Monitor web server logs and application behavior for unusual requests or error patterns that may indicate attempted exploitation. 5. Coordinate with the vendor or development team to obtain or develop a security patch or upgrade to a fixed version as soon as it becomes available. 6. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. 7. Conduct regular security assessments and penetration testing focusing on input validation and client-side script execution to identify similar vulnerabilities.