CVE-2022-45050: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Axiell Iguana

Severity: Medium
Published: Thu Dec 01 2022 (12/01/2022, 08:00:43 UTC)
Source: CVE
Vendor/Project: Axiell
Product: Iguana

Description

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The title parameter on the twitter.php endpoint does not properly neutralise user input, resulting in the vulnerability.

AI-Powered Analysis

Last updated: 06/24/2025, 12:14:36 UTC

Technical Analysis

CVE-2022-45050 is a reflected Cross-Site Scripting (XSS) vulnerability identified in Axiell Iguana CMS versions prior to 4.5.02. The vulnerability arises due to improper neutralization of user-supplied input in the 'title' parameter of the twitter.php endpoint. Specifically, the application fails to adequately sanitize or encode this input before reflecting it back in the web page output, allowing an attacker to inject malicious scripts. When a victim accesses a crafted URL containing malicious code in the 'title' parameter, the injected script executes in the victim's browser context. This can lead to session hijacking, credential theft, unauthorized actions on behalf of the user, or redirection to malicious sites. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. No public exploits are currently known in the wild, and no official patches have been linked, though the issue affects all versions before 4.5.02. The reflected nature of the XSS means that exploitation requires the victim to interact with a maliciously crafted link or page. The vulnerability does not require authentication to exploit, increasing its risk profile. Given the nature of Iguana CMS, which is used primarily by cultural heritage, library, and museum institutions for content management, the attack surface includes web-facing management portals and public-facing content pages that may incorporate dynamic content generation via the vulnerable endpoint.

Potential Impact

For European organizations, particularly those in the cultural heritage, library, archival, and museum sectors that utilize Axiell Iguana CMS, this vulnerability poses a moderate risk. Successful exploitation could compromise the confidentiality and integrity of user sessions, potentially allowing attackers to impersonate legitimate users or steal sensitive information. This could lead to unauthorized changes in digital collections, defacement of public-facing websites, or leakage of sensitive institutional data. While the availability impact is limited, reputational damage and loss of trust from stakeholders and the public could be significant. Additionally, if attackers leverage this vulnerability as a foothold, it could facilitate further attacks within the organization's network. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors often weaponize such vulnerabilities post-disclosure. European organizations with public-facing Iguana CMS instances are therefore at risk of targeted phishing campaigns or drive-by attacks exploiting this XSS flaw.

Mitigation Recommendations

Organizations should prioritize upgrading Axiell Iguana CMS to version 4.5.02 or later, where this vulnerability is addressed. In the absence of an official patch, applying web application firewall (WAF) rules that specifically filter or sanitize the 'title' parameter on the twitter.php endpoint can mitigate exploitation attempts. Implementing Content Security Policy (CSP) headers restricting script execution sources can reduce the impact of injected scripts. Regularly auditing web application logs for suspicious URL patterns targeting the vulnerable parameter can aid early detection. Additionally, educating users about the risks of clicking on untrusted links and employing browser security features such as XSS filters can provide layered defense. For organizations with custom integrations or plugins interacting with the twitter.php endpoint, code reviews should ensure proper input validation and output encoding. Finally, isolating the CMS environment and restricting administrative access via VPN or IP whitelisting can reduce exposure.
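
The log audit recommended above, as an added example (not code from Axiell or from this advisory): a Python triage script that flags access-log requests to twitter.php whose title parameter decodes to markup. The combined log format, the /app/ path prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and tokens that a plain-text title rarely needs but that are
# required to break out of an HTML or attribute context.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_title_requests(log_lines):
    """Return (line_number, client_ip, decoded_title) for flagged requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/twitter.php"):
            continue
        for raw in parse_qs(target.query, keep_blank_values=True).get("title", []):
            title = fully_decode(raw)  # parse_qs already decoded one layer
            if MARKUP_RE.search(title):
                hits.append((number, line.split(" ", 1)[0], title))
    return hits


# Constructed sample lines (documentation IP ranges, assumed /app/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2022:09:00:01 +0000] "GET /app/twitter.php?title=Opening+hours HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Dec/2022:09:00:05 +0000] "GET /app/twitter.php?title=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [01/Dec/2022:09:00:09 +0000] "GET /app/twitter.php?title=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 528 "-" "curl/8.0"',
    '192.0.2.33 - - [01/Dec/2022:09:00:12 +0000] "GET /app/search.php?title=%3Cb%3E HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_title_requests(SAMPLE_LOG):
        print(hit)
```

Legitimate titles containing apostrophes or quotation marks will also match, so treat hits as leads for review and tune the pattern to the titles the site actually generates.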

Technical Details

Data Version: 5.1
Assigner Short Name: DIVD
Date Reserved: 2022-11-08T14:17:26.668Z
CISA Enriched: true

Threat ID: 682d983fc4522896dcbf04d1

Added to database: 5/21/2025, 9:09:19 AM

Last enriched: 6/24/2025, 12:14:36 PM

Last updated: 7/27/2025, 12:38:03 AM
