Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h

Moderate EPSS: 0.16186% (0.94541 Percentile) EPSS:
Permalink JSON

Microweber Cross-site Scripting can result in redirection to a malicious site

Affected Packages Affected Versions Fixed Versions
packagist:microweber/microweber <= 1.3.1 1.3.2
1 Dependent packages
5 Dependent repositories
13,393 Downloads total

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.3.0, 1.3.1

All unaffected versions

1.3.2, 1.3.3, 1.3.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19

Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.

References:

Identifiers

GHSA-232p-59mg-f98p

CVE-2022-3242

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.16186

EPSS Percentile: 0.94541

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/microweber/microweber

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON