CVE-2022-3245

Improper Control of Generation of Code ('Code Injection') in packagist/microweber/microweber

Identifiers

GHSA-gm8c-w9cm-c445, CVE-2022-3245

Package Slug

packagist/microweber/microweber

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Affected Versions

All versions up to 1.3.1

Solution

Upgrade to version 1.3.2 or above.

Last Modified

2022-09-22

source