Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-79gx-3fm8-qxqq: Microweber vulnerable to cross-site scripting (XSS)

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. There was a patch released in the development branch but is not yet committed to the main branch.

ghsa
#xss#web#git#auth

Microweber vulnerable to cross-site scripting (XSS)

Moderate severity GitHub Reviewed Published Nov 25, 2022 • Updated Dec 2, 2022

Related news

CVE-2022-0698: GitHub - microweber/microweber: Drag and Drop Website Builder and CMS with E-commerce

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP