CVE-2022-1555

Microweber vulnerable to cross-site scripting (XSS) in packagist/microweber/microweber

Identifiers

GHSA-6346-5r4h-ff5x, CVE-2022-1555

Package Slug

packagist/microweber/microweber

Vulnerability

Microweber vulnerable to cross-site scripting (XSS)

Description

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...

Affected Versions

All versions up to 1.2.15

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-05-06

source