huntr report 64495D0F-D5EC-4542-9693-32372C18D030 (reporter: r0hansh)
History: Jan 02, 2022 - 2:51 p.m.

Cross-site Scripting (XSS) - Stored in microweber/microweber

Published: 2022-01-02 14:51:30
Reporter: r0hansh
Source: www.huntr.dev

EPSS: 0.001 (Low), percentile 21.6%

Description

Stored XSS is a vulnerability in which the attacker can execute arbitrary JavaScript code in the victim’s browser. The XSS payload is stored in a web page and is executed whenever someone visits that page.

Proof of Concept

1 Visit the “Contact Us” page and put <img src> in the Message field. Click the Send Message button.

2 Now, when the admin opens the Contact Us module in the admin panel, the attacker’s XSS payload is executed.
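An added illustration (not code from the report or from Microweber) of the rendering flaw the PoC describes: the stored Message field concatenated verbatim into the admin listing, next to the same listing with output-time HTML escaping, plus a small regression check a defender can keep in a test suite. The sample submissions and function names are constructed for this example.

```python
import html

# Constructed sample of contact-form submissions as the admin module would list them.
# The second Message field carries an HTML tag, mirroring the report's PoC input.
MESSAGES = [
    {"name": "Alice", "message": "Hello, do you ship to Canada?"},
    {"name": "Mallory", "message": '<img src="x"> please call me'},
]


def render_unsafe(messages):
    """Render the admin listing by concatenating stored fields verbatim.
    This is the pattern that turns a stored tag into live markup (stored XSS)."""
    rows = "".join(
        f"<tr><td>{m['name']}</td><td>{m['message']}</td></tr>" for m in messages
    )
    return f"<table>{rows}</table>"


def render_safe(messages):
    """Same listing, but every stored field is HTML-escaped at output time.
    Escaping on output (not on input) protects every place the field is shown."""
    rows = "".join(
        f"<tr><td>{html.escape(m['name'])}</td><td>{html.escape(m['message'])}</td></tr>"
        for m in messages
    )
    return f"<table>{rows}</table>"


def leaks_markup(messages, rendered):
    """Regression check: names of submitters whose stored text contains '<' or '>'
    and still appears verbatim (unescaped) in the rendered page."""
    return [
        m["name"]
        for m in messages
        if any(c in m["message"] for c in "<>") and m["message"] in rendered
    ]


if __name__ == "__main__":
    print("unsafe leaks:", leaks_markup(MESSAGES, render_unsafe(MESSAGES)))  # ['Mallory']
    print("safe leaks:  ", leaks_markup(MESSAGES, render_safe(MESSAGES)))    # []
```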

Impact

The attacker can execute arbitrary JavaScript code and achieve the following:

  1. Steal the admins’ CSRF tokens and perform unintended actions on their behalf, such as enabling/disabling a module or changing the website.
  2. Execute malicious JavaScript, e.g. crypto miners.

and many more…
