Headline
CVE-2022-1584: update · microweber/microweber@527abd1
Reflected XSS in the GitHub repository microweber/microweber prior to 1.2.16, which allows JavaScript to be executed as the victim.
@@ -616,6 +616,8 @@ public function module()
if(is_string($v)) {
$v = str_replace('<’, '-', $v);
$v = str_replace('>’, '-', $v);
$v = str_replace('"’, '-', $v);
$v = str_replace("’", '-', $v);
}
if(is_array($v)) {
$v = $xssClean->cleanArray($v);
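Review bot: The character stripping in the `is_string($v)` branch does not reach array values, because the `is_array($v)` branch hands them only to `$xssClean->cleanArray($v)`; unless that method also neutralises quotes and angle brackets (not visible here), nested parameters skip the filtering this hunk relies on. Applying the same replacement recursively would close the gap, e.g. `array_walk_recursive($v, function (&$s) { if (is_string($s)) { $s = str_replace(['<', '>', '"', "'"], '-', $s); } });`. The four sequential `str_replace` calls, here and for `$k` in the second hunk, can likewise be one call with an array of needles. A denylist at input also rewrites legitimate values and only covers the HTML contexts these four characters matter in, so the more durable control is `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point where the parameter is written into markup. The body of `module()` starts and ends outside both hunks, so the output sites cannot be checked from here.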
@@ -626,6 +628,8 @@ public function module()
if(is_string($k)){
$k = str_replace('<’, '-', $k);
$k = str_replace('>’, '-', $k);
$k = str_replace('"’, '-', $k);
$k = str_replace("’", '-', $k);
$k = $xssClean->clean($k);
if($k){