GHSA-gm8c-w9cm-c445

Published: 21 Sep 2022
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Microweber vulnerable to HTML Injection in create tag functionality

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. A patch is available on commit f20abf30a1d9c1426c5fb757ac63998dc5b92bfc and is anticipated to be part of version 1.3.2.

Packages

Name: microweber/microweber (composer)
Affected versions: <= 1.3.1
Fixed version: 1.3.2

EPSS

Percentile: 59%
0.00388
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-79
CWE-94

Related vulnerabilities

CVSS3: 6.1
nvd
more than 3 years ago

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
