China National Vulnerability DatabaseCNVD-2022-54325Microweber Cross-Site Scripting Vulnerability (CNVD-2022-54325)
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Microweber is an online store management system that provides drag-and-drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.21, which stems from the fact that by uploading SVG files, users can perform stored XSS attacks. No detailed vulnerability details are available at this time.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microweber microweber | lt | 1.2.21 |
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N