An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h

Moderate EPSS: 0.16186% (0.94541 Percentile) EPSS:

Microweber Cross-site Scripting can result in redirection to a malicious site

Affected Packages Affected Versions Fixed Versions
packagist:microweber/microweber <= 1.3.1 1.3.2
1 Dependent packages
5 Dependent repositories
13,393 Downloads total

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.3.0, 1.3.1

All unaffected versions

1.3.2, 1.3.3, 1.3.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19

Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.

References: