CVE-2022-50952

6.4 MEDIUM

📋 TL;DR

The Banco Guayaquil 8.0.0 iOS mobile application contains a persistent cross-site scripting vulnerability in the profile name input field. Attackers can inject malicious JavaScript through POST requests; the injected script executes automatically when users view profiles, potentially stealing session cookies or performing unauthorized actions. This affects all users of the vulnerable iOS banking application.

💻 Affected Systems

Products:
  • Banco Guayaquil Mobile Banking
Versions: 8.0.0
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the iOS mobile application version 8.0.0; other platforms and versions may have different security postures.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal banking session cookies, perform unauthorized transactions, or redirect users to phishing sites, potentially leading to financial loss and account compromise.

🟠 Likely Case

Session hijacking leading to unauthorized access to banking accounts and potential financial fraud.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, though some application functionality disruption may occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to view the malicious profile, but the payload executes automatically without further interaction. Attackers need to create or modify a profile with malicious input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check Apple App Store for application updates
2. Update to the latest version if available
3. Monitor vendor communications for security patches

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Implement server-side input validation and output encoding for all user-controlled fields

Content Security Policy (applies to: all)

Implement strict Content Security Policy headers to prevent script execution from untrusted sources

🧯 If You Can't Patch

  • Disable profile editing functionality in the application
  • Implement web application firewall rules to block XSS payloads in POST requests

🔍 How to Verify

Check if Vulnerable:

Test by submitting JavaScript payloads (e.g., <script>alert('XSS')</script>) in the profile name field and checking whether they execute when viewing profiles

Check Version:

Check application version in iOS Settings > General > iPhone Storage > Banco Guayaquil

Verify Fix Applied:

Verify that submitted script payloads are properly sanitized and do not execute when viewing profiles

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests containing script tags or JavaScript code to profile endpoints
  • Multiple failed profile update attempts with suspicious payloads

Network Indicators:

  • HTTP POST requests to profile endpoints containing script tags or JavaScript payloads

SIEM Query:

source="application_logs" AND ("POST /profile" OR "update_profile") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
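The same indicators as a log scanner that decodes URL and HTML-entity encoding before matching, shown next to a literal string match for comparison. This is an added example, not part of the advisory or the vendor's code; the log format and sample lines are constructed, and treating the query's strings as case-sensitive literals is an assumption about the SIEM.

```python
import html
import re
from urllib.parse import unquote_plus

# Endpoint names and payload markers are the ones in the SIEM query above.
ENDPOINT = re.compile(r"POST /profile|update_profile")
MARKERS = re.compile(r"<\s*script\b|javascript\s*:|\bon(?:error|load)\s*=", re.I)
LITERALS = ("<script>", "javascript:", "onerror=", "onload=")

def normalize(text, max_rounds=3):
    """Undo URL and HTML-entity encoding, repeated to catch double encoding."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(text))
        if decoded == text:
            break
        text = decoded
    return text

def literal_match(line):
    """Baseline: the query's strings matched as-is (assumed case-sensitive)."""
    return bool(ENDPOINT.search(line)) and any(s in line for s in LITERALS)

def is_suspicious(line):
    """True when a profile request carries a script marker in any encoding."""
    return bool(ENDPOINT.search(line)) and bool(MARKERS.search(normalize(line)))

def scan(lines):
    """Return the 1-based line numbers of suspicious entries."""
    return [n for n, line in enumerate(lines, 1) if is_suspicious(line)]

# Constructed sample log lines (hypothetical format: method, path, body).
SAMPLE_LOG = [
    "POST /profile name=Maria+Lopez",
    "POST /profile name=<script>alert(1)</script>",
    "POST /profile name=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E",
    "POST /profile name=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E",
    "POST /profile name=&lt;script&gt;alert(1)&lt;/script&gt;",
    "GET /search q=<script>alert(1)</script>",
    "POST /api/update_profile name=Jason+Monroe",
]

if __name__ == "__main__":
    for n in scan(SAMPLE_LOG):
        flag = "also literal" if literal_match(SAMPLE_LOG[n - 1]) else "decoded only"
        print(f"line {n} ({flag}): {SAMPLE_LOG[n - 1]}")
```

Pattern matching of this kind supports alerting and triage; the output encoding listed under the workarounds is what stops the stored script from executing.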
