microweber/microweber is vulnerable to reflected cross-site scripting (XSS) attacks. The library does not properly validate the POST parameter `namespaceMD5`, allowing an attacker to inject and execute malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | microweber/microweber | le | v1.3.1 |
github.com/advisories/GHSA-3mmh-vq9w-4c3g
github.com/microweber/microweber/blob/v1.3.1/userfiles/modules/settings/group/language_import.php#L32
github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906
huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df