CVE-2022-3242
Published 2022-09-20
CVE-2022-3242: Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
Priority P3 · 38 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.36% (68.2th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.3.2 | 1.3.2 |
| microweber | microweber | >= 0 < 1.3.2 | 1.3.2 |
| microweber | microweber_microweber | >= unspecified < 1.3.2 | 1.3.2 |
CVSS provenance
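| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |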
GHSA
Microweber Cross-site Scripting can result in redirection to a malicious site
ghsa·2022-09-21
CVE-2022-3242 [MEDIUM] CWE-79 Microweber Cross-site Scripting can result in redirection to a malicious site
Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.
OSV
Microweber Cross-site Scripting can result in redirection to a malicious site
osv·2022-09-21
CVE-2022-3242 [MEDIUM] Microweber Cross-site Scripting can result in redirection to a malicious site
Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.
No detection rules found.
Nuclei
Microweber <1.3.2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-3242 [MEDIUM] Microweber <1.3.2 - Cross-Site Scripting
Microweber alert(document.domain)") && contains(tolower(body), "microweber")'
condition: and
# digest: 4a0a0047304502203440f2831654d8901b33a62642037dcbc9510e02fd66ae6dc9d509bd6641be830221008ca9c90b252ce9777440db9024456b5b09250b3590733aaeafb915c3f8bcb714:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c
https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf
Published: 2022-09-20