GHSA-jmwm-w2rm-prv9, CVE-2023-47379
packagist/microweber/microweber
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
All versions before 2.0.3
Upgrade to version 2.0.3 or above.
2023-11-09
source |