CVE-2022-0379
Published 2022-01-26
CVE-2022-0379: Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Priority P4 · 23 · medium · 5.4 CVSS 3.1
AV:N · AC:L · PR:L · UI:R · S:C · C:L · I:L · A:N
EPSS: 0.86% (53.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.11 | 1.2.11 |
| microweber | microweber | >= 0 < 1.2.11 | 1.2.11 |
| microweber | microweber_microweber | >= unspecified < 1.2.11 | 1.2.11 |
CVSS provenance
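| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |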
OSV
Cross-site Scripting in microweber
osv · 2022-01-28
CVE-2022-0379 [MEDIUM] Cross-site Scripting in microweber
There is a persistent XSS vulnerability in the checkout page where we are able to execute any JavaScript in the last name field.
GHSA
Cross-site Scripting in microweber
ghsa · 2022-01-28
CVE-2022-0379 [MEDIUM] CWE-79 Cross-site Scripting in microweber
There is a persistent XSS vulnerability in the checkout page where we are able to execute any JavaScript in the last name field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b
https://huntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6
2022-01-26
Published