CVE-2022-3245

Опубликовано: 20 сент. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

EPSS Низкий

Описание

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Ссылки

https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
Patch
Third Party Advisory
https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
Patch
Third Party Advisory
https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*

Версия до 1.3.2 (исключая)

EPSS

Процентиль: 59%

0.00388

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-94

CWE-79

Связанные уязвимости

GHSA-gm8c-w9cm-c445

CVSS3: 6.1

github

больше 3 лет назад

Microweber vulnerable to HTML Injection in create tag functionality

EPSS

Процентиль: 59%

0.00388

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-94

CWE-79