2 matches found
CVE-2022-2280 Cross-site Scripting (XSS) - Stored in microweber/microweber
Cross-site Scripting XSS - Stored in GitHub repository microweber/microweber prior to 1.2.19...
CVE-2022-2280
The CVE-2022-2280 issue affects microweber/microweber prior to 1.2.19 and is a stored XSS vulnerability. Public sources indicate the vulnerability arises from SVG content not being properly sanitized (plupload.php), allowing injected JavaScript when an SVG is processed. CVSS 3.1 base score is 5.4...