CVE-2022-33098
Published 2022-07-07
Priority: P3 · 53 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 50.54% (98.8th percentile)
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magnolia-cms | magnolia_cms | — | — |
Detection & IOCs (extracted from sources)
- url: /magnoliaAuthor/.magnolia/admincentral/APP/UPLOAD/0/140/action/cba61868-b27a-4d50-983d-adf48b992be1
- url: https://nexus.magnolia-cms.com/service/local/repositories/magnolia.public.releases/content/info/magnolia/bundle/magnolia-community-demo-webapp/6.2.19/magnolia-community-demo-webapp-6.2.19-tomcat-bundle.zip
- Monitor for POST requests to the Magnolia CMS upload endpoint path pattern /magnoliaAuthor/.magnolia/admincentral/APP/UPLOAD/ containing multipart file uploads with Content-Type: image/svg+xml, which is the delivery vector for the malicious SVG payload.
- Alert on file uploads where the declared Content-Type is image/svg+xml, the filename has an .svg extension, and the body contains JavaScript (e.g., <script> tags or alert() calls), indicating a stored XSS attempt via SVG upload.
- The exploit targets the Edit Contact / profile picture upload functionality. Inspect SVG files uploaded to Magnolia CMS contact profiles for embedded JavaScript or event handlers.
- The exploit requires an authenticated user account with permissions to upload a profile picture for a contact. Unauthenticated exploitation is not possible; restrict the upload permission to trusted roles.
- The upload endpoint path segment (e.g., /0/140/action/<UUID>) may vary per session or instance; detection rules should use a wildcard/regex on the /magnoliaAuthor/.magnolia/admincentral/APP/UPLOAD/ prefix rather than the exact path.
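The detection notes above combine three checks: a POST to the upload endpoint prefix (not the exact, session-specific path), a multipart part that is an SVG, and script or event-handler content in that part. The following Python is an added example written for this page, not code from Magnolia or from any indexed detection rule; it uses the standard-library email parser to split a multipart/form-data body and classifies constructed sample requests. It assumes the request is available as method, path, Content-Type header and raw body (for instance from a WAF or reverse-proxy capture), treats a part as SVG when either its declared type is image/svg+xml or its filename ends in .svg (broader than the note, because the declared type is client-controlled), and uses an all-zero UUID as a placeholder path segment.

```python
import re
from email.parser import BytesParser
from email.policy import default
from typing import List, Optional

# Prefix of the Magnolia upload endpoint named in the detection notes. The trailing
# segments (/0/140/action/<UUID>) vary per session, so only the prefix is anchored.
UPLOAD_PREFIX = re.compile(r"^/magnoliaAuthor/\.magnolia/admincentral/APP/UPLOAD/", re.IGNORECASE)

# Executable content inside an SVG: <script> elements, on* event handlers, javascript: URLs.
ACTIVE_CONTENT = re.compile(rb"<script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

SVG_TYPE = "image/svg+xml"


def parse_parts(content_type: str, body: bytes) -> List:
    """Split a multipart/form-data body into leaf parts with the stdlib email parser."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser(policy=default).parsebytes(raw)
    if not msg.is_multipart():
        return []
    return [part for part in msg.walk() if not part.is_multipart()]


def classify_upload(method: str, path: str, content_type: str, body: bytes) -> Optional[str]:
    """Verdict for one HTTP request.

    None              -> not a multipart POST to the Magnolia upload endpoint
    "svg-upload"      -> an SVG reached the upload endpoint (log it)
    "svg-xss-suspect" -> the SVG carries script or event handlers (alert on it)
    """
    if method.upper() != "POST" or not UPLOAD_PREFIX.match(path):
        return None
    if not content_type.lower().startswith("multipart/form-data"):
        return None
    verdict = None
    for part in parse_parts(content_type, body):
        filename = (part.get_filename() or "").lower()
        # The declared type is attacker-controlled, so either signal counts as SVG.
        if part.get_content_type() != SVG_TYPE and not filename.endswith(".svg"):
            continue
        payload = part.get_payload(decode=True) or b""
        if ACTIVE_CONTENT.search(payload):
            return "svg-xss-suspect"
        verdict = "svg-upload"
    return verdict


def multipart_body(boundary: str, filename: str, ctype: str, data: bytes) -> bytes:
    """Build a one-part multipart/form-data body (constructed test input)."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        f"Content-Type: {ctype}\r\n\r\n"
    ).encode("ascii")
    return head + data + f"\r\n--{boundary}--\r\n".encode("ascii")


# Constructed sample traffic; the UUID segment is a placeholder, not a real instance value.
BOUNDARY = "constructedBoundary"
CT = f"multipart/form-data; boundary={BOUNDARY}"
UPLOAD_PATH = "/magnoliaAuthor/.magnolia/admincentral/APP/UPLOAD/0/140/action/00000000-0000-0000-0000-000000000000"
OTHER_PATH = "/magnoliaAuthor/.magnolia/admincentral/APP/OTHER/0/140"
SVG_NS = b'xmlns="http://www.w3.org/2000/svg"'

SAMPLES = [
    # label, method, path, declared part type, part body, filename
    ("png", "POST", UPLOAD_PATH, "image/png", b"PNG-bytes-placeholder", "avatar.png"),
    ("clean-svg", "POST", UPLOAD_PATH, SVG_TYPE, b"<svg " + SVG_NS + b'><circle r="4"/></svg>', "avatar.svg"),
    ("script-svg", "POST", UPLOAD_PATH, SVG_TYPE, b"<svg " + SVG_NS + b"><script>/* constructed */</script></svg>", "avatar.svg"),
    # declared as PNG but named .svg and carrying an event handler: still flagged
    ("handler-svg", "POST", UPLOAD_PATH, "image/png", b"<svg " + SVG_NS + b' onload="void 0"/>', "avatar.svg"),
    ("wrong-path", "POST", OTHER_PATH, SVG_TYPE, b"<svg><script>/* constructed */</script></svg>", "avatar.svg"),
    ("get", "GET", UPLOAD_PATH, SVG_TYPE, b"", "avatar.svg"),
]


def run_samples() -> dict:
    """Classify every constructed sample; returns {label: verdict}."""
    results = {}
    for label, method, path, ctype, data, filename in SAMPLES:
        body = multipart_body(BOUNDARY, filename, ctype, data)
        results[label] = classify_upload(method, path, CT, body)
    return results


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:12s} -> {verdict}")
```

The prefix regex deliberately ignores everything after UPLOAD/, which is what the last note asks for; the "wrong-path" sample shows that an SVG with script sent elsewhere is not matched by this rule and would need its own coverage.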
CVSS provenance
- NVD, CVSS v3.1: 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
- NVD, CVSS v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)
No detection rules found.
No writeups or analysis indexed.