← voltar
CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber

CVSS 6.3 MEDIUMEPSS 3.2%CWE-79
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Produtos afetados
microweber · microweber/microweber

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0