6 matches found
CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...
Reflected XSS
Description Bypass XSS filter on /module/ Proof of Concept https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in FireFox. How to fix This is still CVE-2022-1439...
CVE-2022-1439
creationtimestamp| type| source ---|---|--- 2022-04-22 20:28:04+00:00| seen| https://t.me/cibsecurity/41333 2024-11-24 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-24 2025-02-05 00:00:00+00:00| exploited| The Shadowserver...
CVE-2022-1439 Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...
CVE-2022-1439
CVE-2022-1439 is a documented reflected cross-site scripting vulnerability affecting Microweber prior to version 1.2.15, where an attacker could execute arbitrary JavaScript in the context of the victim’s browser on the vulnerable page (demo.microweber.org/demo/module/). Multiple connected source...
CVE-2022-1439 Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...