Title: Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter Severity: Medium Date: 2/1/2026 CVE ID: CVE-2022-50940 CVE Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS V3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N References: - Vulnerability Lab Advisory - Laravel & Vue.js Credit: Vulnerability-Lab [Research Team] Description: Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.