Lucene search
China National Vulnerability DatabaseCNVD-2022-20797HistoryMar 14, 2022 - 12:00 a.m.
Microweber Cross-Site Scripting Vulnerability (CNVD-2022-20797)
2022-03-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
microweber
cross-site scripting
vulnerability
php
laravel
cms
file upload
validation
stored xss
sensitive information
phishing email
EPSS
0.001
Percentile
21.4%
Microweber is a drag-and-drop website builder and CMS based on the PHP Laravel framework. Microweber is vulnerable to a cross-site scripting vulnerability that stems from a file upload filter that fails to properly validate input parameters, which could be exploited to construct a stored XSS, obtain sensitive user information and construct a phishing email attack.
Related
prion
prion
Unrestricted file upload
2022-03-12 10:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-03-14 14:16:55
github
github
Cross-site Scripting in microweber
2022-03-13 00:00:54
osv
osv
Cross-site Scripting in microweber
2022-03-13 00:00:54
CVE-2022-0926
2022-03-12 10:15:08
cve
cve
CVE-2022-0926
2022-03-12 10:15:08
cvelist
cvelist
nvd
nvd
CVE-2022-0926
2022-03-12 10:15:08
huntr
huntr
File upload filter bypass leading to stored XSS
2022-03-09 18:40:30