CVE-2022-0378
Published 2022-01-26
CVE-2022-0378: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Priority P3 · 35 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EXPLOIT
EPSS: 3.87% (88.9th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.11 | 1.2.11 |
| microweber | microweber | >= 0 < 1.2.11 | 1.2.11 |
| microweber | microweber_microweber | >= unspecified < 1.2.11 | 1.2.11 |
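CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |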
GHSA
Cross-site Scripting in microweber
ghsa·2022-01-28
CVE-2022-0378 [MEDIUM] CWE-79 Cross-site Scripting in microweber
There is a reflected cross-site scripting attack in microweber via URL parameters.
OSV
Cross-site Scripting in microweber
osv·2022-01-28
CVE-2022-0378 [MEDIUM] Cross-site Scripting in microweber
There is a reflected cross-site scripting attack in microweber via URL parameters.
No detection rules found.
Nuclei
Microweber Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2022-0378 [MEDIUM] Microweber Cross-Site Scripting
Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
Template:
```yaml
id: CVE-2022-0378

info:
  name: Microweber Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a version that has addressed the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0378
    - https://github.com/microweber/
```
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce
https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31
2022-01-26
Published