CVE-2022-1439

MEDIUM6.3EPSS 43.8%

Cross-site Scripting in Microweber

Published: 4/23/2022Modified: 11/8/2023

Description

Microweber prior to 1.2.15 is vulnerable to reflected cross-site scripting on demo.microweber.org/demo/module/. This allows the execution of arbitrary JavaScript as the attacked user.

Affected packages (1)

Packagist/microweber/microweberfrom 0, < 1.2.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-1439
PATCHhttps://github.com/microweber/microweber
WEBhttps://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
WEBhttps://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0