CVE-2022-0560
Published 2022-02-11
CVE-2022-0560: Open Redirect in Packagist microweber/microweber prior to 1.2.11.
Priority: P4 · 22 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.02% (59.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.11 | 1.2.11 |
| microweber | microweber | >= 0 < 1.2.11 | 1.2.11 |
| microweber | microweber_microweber | >= unspecified < 1.2.11 | 1.2.11 |
CVSS provenance
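| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |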
OSV
Open redirect in microweber
osv·2022-02-12
CVE-2022-0560 [MEDIUM] Open redirect in microweber
microweber prior to 1.2.11 is vulnerable to open redirect.
GHSA
Open redirect in microweber
ghsa·2022-02-12
CVE-2022-0560 [MEDIUM] CWE-601 Open redirect in microweber
microweber prior to 1.2.11 is vulnerable to open redirect.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/72d4b12cc487f56a859a8570ada4efb77b4b8c63
https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25
Published: 2022-02-11