Microweber Cross-site Scripting can result in redirection to a malicious site
Moderate severity
GitHub Reviewed
Published
Sep 21, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Sep 20, 2022
Published to the GitHub Advisory Database
Sep 21, 2022
Reviewed
Sep 21, 2022
Last updated
Jan 30, 2023
Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.
References