CVE-2022-44787

An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page...

PT-2022-27310 · Unknown · Appalti & Contratti

Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: The web application is vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the...

PT-2022-27311 · Unknown · Appalti & Contratti

Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: An issue was discovered that allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a...

PT-2022-27309 · Unknown · Appalti & Contratti

Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: An issue was discovered in the target web applications, allowing Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do...