CVE-2022-0954

MEDIUM6.8EPSS 4.3%

Stored Cross-site Scripting in Microweber

Published: 3/16/2022Modified: 11/8/2023

Description

Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods.

Affected packages (1)

Packagist/microweber/microweberfrom 0, < 1.2.12

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0954
PATCHhttps://github.com/microweber/microweber
WEBhttps://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
WEBhttps://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26