Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-0698
Good to know:
Date: November 24, 2022
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix
Upgrade Version
Upgrade to version microweber/microweber - 1.2.11.x-dev;microweber/microweber - dev-1.2-dev;microweber/microweber - 1.2.17.x-dev;microweber/microweber - 1.3.2.x-dev;microweber/microweber - dev-1.0.4-ml;microweber/microweber - 1.2.7.x-dev;microweber/microweber - 1.2.6.x-dev;microweber/microweber - dev-1.2-test-pm;microweber/microweber - 1.2.15.x-dev;microweber/microweber - 1.2.18.x-dev;microweber/microweber - 1.2.4.x-dev;microweber/microweber - 1.x-dev;microweber/microweber - 1.3.1.x-dev;microweber/microweber - microweber-0.750;microweber/microweber - dev-Radanovn-patch-1;microweber/microweber - 1.2.16.x-dev;microweber/microweber - 1.2.19.x-dev;microweber/microweber - 1.2.8.x-dev;microweber/microweber - 1.2.3.x-dev;microweber/microweber - 1.2.13.x-dev;microweber/microweber - 1.2.21.x-dev;microweber/microweber - 1.2.20.x-dev;microweber/microweber - 1.2.14.x-dev;microweber/microweber - 1.2.5.x-dev;microweber/microweber - dev-1.3-dev;microweber/microweber - 1.2.12.x-dev;microweber/microweber - 1.2.9.x-dev;microweber/microweber - 1.2.10.x-dev
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |