Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mv37-xrmc-hf64: Microweber Cross-site Scripting vulnerability

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

2 years ago

#xss #vulnerability #web #git

Microweber Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Feb 21, 2023 to the GitHub Advisory Database • Updated Feb 22, 2023

Related news

CVE-2021-32856: GHSL-2021-1005: Copy-paste XSS in Microweber text editor - CVE-2021-32856

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

2 years ago

#xss #vulnerability #web #git #chrome

ghsa: Latest News

GHSA-vh5j-5fhq-9xwg: Taylor has race condition in /get-patch that allows purchase token replay

1 day ago

GHSA-jfj7-249r-7j2m: TabberNeue vulnerable to Stored XSS through wikitext

1 day ago

GHSA-m435-9v6r-v5f6: MobSF vulnerability allows SSRF due to the allow_redirects=True parameter

1 day ago

GHSA-fv92-fjc5-jj9h: mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

1 day ago

GHSA-277f-37gw-9gmq: raspap-webgui has a Directory Traversal vulnerability

1 day ago