Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrR0hansh8815B642-BD9B-4737-951B-BDE7319FAEDD
HistoryJan 02, 2022 - 12:30 p.m.

Code Injection in microweber/microweber

2022-01-0212:30:14
r0hansh
www.huntr.dev
12
code injection
html injection
comments module
admin panel security
website structure
leave comment button

EPSS

0.001

Percentile

35.0%

JSON

Description

HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage.

Proof of Concept

1 Admin has enabled Comments module, so that people can comment on a blog post.
2 Attacker post the following comment:

<s>&lt;marquee&gt;<h1>SOMETHING+SOMETHING

Now, observe the changes in the webpage: This html gets executed. The footer of webpage is striked out etc.

Impact

Attackers can change the structure of webpage using different tags like &lt;marquee&gt;, <h1>, <center>, <s> etc.
Attackers can even hide the Leave Comment button
This html code also executes in the admin panel when admin checks the comments on a post.

Related

osv 2
veracode 1
github 1
prion 1
cvelist 1
nvd 1
cve 1
osv
osv
CVE-2022-0282
2022-01-20 12:15:08
Code Injection in microweber
2022-01-21 18:02:39
veracode
veracode
HTML Injection
2022-01-21 08:48:09
github
github
Code Injection in microweber
2022-01-21 18:02:39
prion
prion
Cross site scripting
2022-01-20 12:15:00
cvelist
cvelist
CVE-2022-0282 Cross-site Scripting in microweber/microweber
2022-01-20 11:15:11
nvd
nvd
CVE-2022-0282
2022-01-20 12:15:08
cve
cve
CVE-2022-0282
2022-01-20 12:15:08

EPSS

0.001

Percentile

35.0%

JSON
Related for 8815B642-BD9B-4737-951B-BDE7319FAEDD
osv2veracode1github1prion1cvelist1nvd1cve1