Lucene search

GitHub Advisory DatabaseGHSA-MV37-XRMC-HF64

HistoryFeb 21, 2023 - 3:30 p.m.

Microweber Cross-site Scripting vulnerability

2023-02-2115:30:23

CWE-79

GitHub Advisory Database

github.com

microweber

cross-site scripting

vulnerability

versions 1.2.12

content management system

malicious payload

incomplete fix

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

Affected configurations

Vulners

Node

microwebermicroweberRange≤1.2.12

CPENameOperatorVersion
microweber/microweberle1.2.12

CPE	Name	Operator	Version
	microweber/microweber	le	1.2.12

References

github.com/advisories/GHSA-mv37-xrmc-hf64

github.com/microweber/microweber/commit/f3b86d59ab674dbf514f9f9948ddfa091739ab75

nvd.nist.gov/vuln/detail/CVE-2021-32856

securitylab.github.com/advisories/GHSL-2021-1005-Microweber/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for GHSA-MV37-XRMC-HF64