An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx

Severity: Moderate
EPSS: 0.0088% (0.74567 percentile)

Microweber vulnerable to cross-site scripting (XSS)

Affected package:       packagist:microweber/microweber
Affected versions:      <= 1.3.1
Fixed versions:         No known fixed version

Dependent packages:     1
Dependent repositories: 5
Downloads total:        13,446

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.3.0, 1.3.1
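The affected range above is an inclusive upper bound (<= 1.3.1) with no fixed release, and the version list mixes one-, two- and three-digit components (1.2.9 followed by 1.2.10), so a naive string comparison gets the answer wrong. The following is an added example, not code from this page or from the Microweber project: it reads a composer.lock, finds the package named in the advisory, and compares versions component-wise. The composer.lock content is constructed for the example; the function names are the example's own.

```python
import json
import re

# Affected range as stated by the advisory: the package is affected at and
# below 1.3.1, and no fixed version is known.
ADVISORY = {
    "ecosystem": "packagist",
    "package": "microweber/microweber",
    "max_affected": "1.3.1",  # inclusive upper bound
    "fixed": None,            # no known fixed version
}

# Constructed composer.lock fragment for the example (not from a real project).
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "microweber/microweber", "version": "1.2.10"},
        {"name": "laravel/framework", "version": "v9.52.0"},
    ],
    "packages-dev": [],
})


def parse_version(version: str) -> tuple:
    """Turn '1.2.10' or 'v1.3' into a tuple of ints for component-wise comparison.

    Lexical comparison would rank '1.2.9' above '1.2.10'; tuples of ints do not.
    A pre-release or build suffix ('1.3.1-beta', '1.3.1+build') is dropped, which
    is safe here because the advisory's upper bound is inclusive.
    """
    version = version.lstrip("vV")
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            # e.g. Composer branch aliases such as 'dev-master'
            raise ValueError(f"non-numeric version component {piece!r} in {version!r}")
        parts.append(int(piece))
    while len(parts) < 3:  # pad so that 1.3 == 1.3.0
        parts.append(0)
    return tuple(parts)


def is_affected(installed: str, max_affected: str) -> bool:
    """True when the installed version falls inside the advisory's <= range."""
    return parse_version(installed) <= parse_version(max_affected)


def scan_composer_lock(lock_text: str, advisory: dict = ADVISORY) -> list:
    """Return (version, status) for every installed copy of the advisory's package.

    status is 'affected', 'not affected', or 'unknown' when the version string
    carries no comparable number (branch installs like 'dev-master').
    """
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != advisory["package"]:
                continue
            version = pkg.get("version", "")
            try:
                affected = is_affected(version, advisory["max_affected"])
                status = "affected" if affected else "not affected"
            except ValueError:
                status = "unknown"
            findings.append((version, status))
    return findings


if __name__ == "__main__":
    for version, status in scan_composer_lock(SAMPLE_COMPOSER_LOCK):
        fix = ADVISORY["fixed"] or "no known fixed version"
        print(f"{ADVISORY['package']} {version}: {status} (fix: {fix})")
```

Run it against a real composer.lock by passing the file's contents to scan_composer_lock. A 'dev-*' branch install is reported as unknown rather than silently passed, because the scanner cannot tell from the version string alone which commit is installed.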

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. A patch was released in the development branch but has not yet been merged into the main branch. Because no released version carries the fix, every version listed above should be treated as affected until a fixed release appears.

References: