Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tdjM3LXhybWMtaGY2NM4AAxwi

Moderate EPSS: 0.0091% (0.74518 Percentile) EPSS:
Permalink JSON

Microweber Cross-site Scripting vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:microweber/microweber <= 1.2.12 No known fixed version
1 Dependent packages
5 Dependent repositories
13,393 Downloads total

Affected Version Ranges

All affected versions

0.9.346, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

References:

Identifiers

GHSA-mv37-xrmc-hf64

CVE-2021-32856

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0091

EPSS Percentile: 0.74518

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/microweber/microweber

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON