CVE-2023-1881

Description

microweber/microweber prior to 1.3.3 is vulnerable to stored cross-site scripting (XSS) via the `X-Forwarded-For` header. This was fixed in version 1.3.3.

Affected packages (1)

• Packagist/microweber/microweberfrom 0, < 1.3.3

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-1881
• PATCHhttps://github.com/microweber/microweber
• WEBhttps://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183
• WEBhttps://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344