CVE-2023-47379
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/microweber/microweber
Identifiers
GHSA-jmwm-w2rm-prv9, CVE-2023-47379
Package Slug
packagist/microweber/microweber
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
Affected Versions
All versions before 2.0.3
Solution
Upgrade to version 2.0.3 or above.
Last Modified
2023-11-09
| source |