CVE-2022-0930
Published 2022-03-12
CVE-2022-0930: File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Priority P421 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.90% (55.0th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| microweber | microweber | < 1.2.12 | 1.2.12 |
| microweber | microweber | >= 0 < 1.2.12 | 1.2.12 |
| microweber | microweber_microweber | >= unspecified < 1.2.12 | 1.2.12 |
CVSS provenance
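| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 8.0 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |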
GHSA
Cross-site Scripting in microweber
ghsa·2022-03-13
CVE-2022-0930 [HIGH] CWE-79 Cross-site Scripting in microweber
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
OSV
Cross-site Scripting in microweber
osv·2022-03-13
CVE-2022-0930 [HIGH] Cross-site Scripting in microweber
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Chrome
Stable Channel Desktop Update: CVE-2023-0929
vendor_chrome·2023-02-22·CVSS 8.8
CVE-2023-0929 [HIGH] Stable Channel Desktop Update: CVE-2023-0929
Stable Channel Desktop Update
CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
[$10000][1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
[$3000][1407701] High CVE-2023-0931: Use after free in Video
Severity: high
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/33eb4cc0f80c1f86388c1862a8aee1061fa5d72e
https://huntr.dev/bounties/d184ce19-9608-42f1-bc3d-06ece2d9a993
Published: 2022-03-12