Lucene search

GitHub Advisory DatabaseGHSA-232P-59MG-F98P

HistorySep 21, 2022 - 12:00 a.m.

Microweber Cross-site Scripting can result in redirection to a malicious site

2022-09-2100:00:52

CWE-79

GitHub Advisory Database

github.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.

CPENameOperatorVersion
microweber/microweberle1.3.1

CPE	Name	Operator	Version
	microweber/microweber	le	1.3.1

References

github.com/advisories/GHSA-232p-59mg-f98p

github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c

huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf

nvd.nist.gov/vuln/detail/CVE-2022-3242

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for GHSA-232P-59MG-F98P