Microweber Cross-Site Scripting Vulnerability (CNVD-2022-21818)

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber 1.2.11 and earlier versions, which stems from a lack of filtering and escaping of user-submitted parameters in the application. An attacker could use this vulnerability to execute JavaScript code on the client side.