GHSA-gm8c-w9cm-c445, CVE-2022-3245
packagist/microweber/microweber
Improper Control of Generation of Code ('Code Injection')
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
All versions up to 1.3.1
Upgrade to version 1.3.2 or above.
2022-09-22
source |