Lucene search

GitHub Advisory DatabaseGHSA-JMWM-W2RM-PRV9

HistoryNov 08, 2023 - 6:30 p.m.

Microweber Cross-site Scripting vulnerability

2023-11-0818:30:31

CWE-79

GitHub Advisory Database

github.com

microweber

cms

xss

vulnerability

profile picture

upload

software

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.3%

JSON

Microweber CMS prior to version 2.0.3 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

Affected configurations

Vulners

Node

microwebermicroweberRange<2.0.3

CPENameOperatorVersion
microweber/microweberlt2.0.3

CPE	Name	Operator	Version
	microweber/microweber	lt	2.0.3

References

github.com/advisories/GHSA-jmwm-w2rm-prv9

github.com/microweber/microweber/blob/master/CHANGELOG.md

github.com/microweber/microweber/commit/a481f079d74e82f6094abf15d67e814349d1038a

github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00

nvd.nist.gov/vuln/detail/CVE-2023-47379

www.getastra.com/blog/security-audit/stored-xss-vulnerability/