CVE-2022-0698: Microweber vulnerable to cross-site scripting (XSS)
(updated )
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. There was a patch released in the development branch but is not yet committed to the main branch.
References
Code Behaviors & Features
Detect and mitigate CVE-2022-0698 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →