Lucene search
Daman-preet-singh16B0547B-1BB3-493C-8A00-5B6A11FCA1C5HistoryFeb 20, 2022 - 3:32 a.m.
Cross-site Scripting (XSS) - Reflected
2022-02-2003:32:54
daman-preet-singh
www.huntr.dev
13
0.001 Low
EPSS
Percentile
21.6%
Description
The endpoint https://demo.microweber.org/demo/admin/post/{id}/edit is vulnerable to cross site scripting.
The “Edit source” field is affected.
Proof of Concept
- Login into https://demo.microweber.org
- Navigate to https://demo.microweber.org/demo/admin/post/25/edit
- click EditSource, and put this payload:
<img src>
- and click Ok
- The xss payload will be executed.
Impact
Cross site scripting attacks can lead to account takeover via cookie stealing, temporary webpage deface, redirections etc.
Related
osv
osv
Cross-site Scripting in microweber
2022-02-27 00:00:15
CVE-2022-0723
2022-02-26 11:15:07
cvelist
cvelist
github
github
Cross-site Scripting in microweber
2022-02-27 00:00:15
cve
cve
CVE-2022-0723
2022-02-26 11:15:07
prion
prion
Cross site scripting
2022-02-26 11:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-02-28 04:51:16
cnvd
cnvd
Microweber Cross-Site Scripting Vulnerability (CNVD-2022-15527)
2022-03-01 00:00:00
nvd
nvd
CVE-2022-0723
2022-02-26 11:15:07