Описание
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
Ссылки
- Product
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:microweber:microweber:2.0.15:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 2 месяцев назад
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
EPSS
Процентиль: 13%
0.00044
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79