Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-54328
HistoryJul 26, 2022 - 12:00 a.m.

Microweber Cross-Site Scripting Vulnerability (CNVD-2022-54328)

2022-07-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
8

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Microweber is a drag-and-drop online store management system from the US Microweber community. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.21. An attacker could use this vulnerability to execute cross-site scripting attacks.

CPENameOperatorVersion
microweber microweberlt1.2.21

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Related for CNVD-2022-54328