Key Information from the Webpage Screenshot Severity Medium Date January 13, 2026 Affecting Ametys CMS 4.4.1 CVE ID CVE-2022-50937 CWE ID CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS Score 4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N References ExploitDB-50692 Vulnerability Lab Advisory Official Ametys CMS Homepage Credit Vulnerability-Lab Description Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modules.