cbcvebase.
CVE-2022-37153
published 2022-08-24

CVE-2022-37153: An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.

Priority: P179 · medium 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 1.39% (69.0th percentile)

Affected

1 range

Vendor: articatech
Product: artica_proxy
Version range / Fixed in: (empty in the record)

Detection & IOCs (extracted from sources)

path: /fw.login.php
command:
  POST /fw.login.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded

  userfont=&artica-language=&StandardDropDown=&HTMLTITLE=&username=admin&password=admin%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
version: Artica Proxy 4.30.000000
  • Look for reflected XSS payload in HTTP response body: the string 'Password" value="admin">alert(document.domain)' appearing in the page body indicates successful exploitation of the password parameter reflection.
  • Detect exploitation attempts by monitoring POST requests to /fw.login.php where the password parameter contains URL-encoded HTML/script injection characters (e.g., %22%3E%3Cscript%3E).
  • Identify Artica Proxy instances via Shodan/FOFA fingerprinting on HTML body containing 'Artica' or 'artica' strings.
  • Vulnerable endpoint responds with HTTP 200 and Content-Type: text/html, with both the reflected XSS payload and 'Artica Web' present in the response body.
  • The XSS is reflected via the password parameter; exploitation requires user interaction (UI:R) as a victim must submit or load the crafted login form for the payload to execute.
  • Vulnerability is confirmed only on Artica Proxy version 4.30.000000; other versions are not specified as affected.
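The two detection bullets above (flag POSTs to /fw.login.php whose password parameter carries URL-encoded markup, and confirm exploitation when that markup is echoed unescaped in the response body) as a small, runnable Python check. This is an added example, not code from cbcvebase, VulnCheck or the Artica project; the request records and the function names are constructed for illustration, and the only page-derived values are the /fw.login.php path and the encoded payload shown in the IOC list.

```python
from urllib.parse import parse_qs, unquote

# Constructed sample request log as (method, path, body) tuples. These are
# made-up records for the example, not traffic captured from any real host.
SAMPLE_REQUESTS = [
    ("POST", "/fw.login.php",
     "userfont=&artica-language=&username=admin"
     "&password=admin%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"),
    ("POST", "/fw.login.php", "username=admin&password=Correct-Horse-42"),
    ("POST", "/fw.login.php", "username=admin&password=pa%2522ss"),  # double-encoded quote
    ("GET", "/index.php", ""),
]

# Characters that should never appear in a password value once it is decoded
# for an HTML form context: any of them can break out of the value="..." attribute.
MARKUP_CHARS = set('<>"\'')

def password_looks_injected(body):
    """Return the decoded password value if it carries HTML/script markup, else None."""
    # parse_qs performs one round of URL decoding (%22 -> ", %3C -> <).
    params = parse_qs(body, keep_blank_values=True)
    for value in params.get("password", []):
        # Decode a second time as well so a double-encoded value (%2522 -> %22 -> ")
        # is not missed by a filter that only looks at the first decoding.
        for candidate in (value, unquote(value)):
            if MARKUP_CHARS & set(candidate):
                return candidate
    return None

def flag_login_requests(requests):
    """Indices of POST requests to /fw.login.php whose password parameter is injected."""
    hits = []
    for index, (method, path, body) in enumerate(requests):
        if method != "POST" or path.split("?", 1)[0] != "/fw.login.php":
            continue
        if password_looks_injected(body) is not None:
            hits.append(index)
    return hits

def payload_is_reflected(decoded_password, response_body):
    """True when the markup-bearing password is echoed verbatim (unescaped) into the response.

    A server that HTML-escapes the value would emit &quot; and &lt; instead, and the
    decoded string would not be found, so this distinguishes attempt from success.
    """
    return "<" in decoded_password and decoded_password in response_body

if __name__ == "__main__":
    print("suspicious request indices:", flag_login_requests(SAMPLE_REQUESTS))
```

Run against a proxy or WAF log that records POST bodies for the login endpoint; the request-side check gives the "attempt" signal from the second bullet, and pairing it with `payload_is_reflected` on the matching response gives the "successful exploitation" signal from the first bullet. The double-decoding step is deliberate: a value that is encoded twice survives a single-decode filter and is still decoded by many application stacks.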

CVSS provenance

nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck: 6.1 MEDIUM