microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in saveCommentEdit
function of AdminCommentController.php
because this allows HTML tags in the blog comments which allows a malicious attacker to inject and execute html payloads.
CPE | Name | Operator | Version |
---|---|---|---|
microweber/microweber | le | v1.2.11 | |
microweber/microweber | le | v1.2.11 |