Reflected XSS on /editor_tools/module in microweber/microweber
Valid
Reported on Jun 17th 2022
Description
Reflected XSS with filter bypass on /editor_tools/module via the type= parameter.
Proof of Concept
https://demo.microweber.org/demo/editor_tools/module?type="></div><script>alert("xss")</script>
The value of the "type" parameter is reflected into the HTML source of the response at line 38. Because the value is not sanitized, it is possible to close the enclosing div tag with "></div> and then inject JavaScript.
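As an added illustration (not code from this report or from Microweber), the following Python reconstructs why the payload above breaks out: a constructed template that reflects the parameter into a div attribute, beside the same template with attribute-context encoding and an allow-list check. The attribute name and the allow-listed character set are assumptions, not Microweber's actual code.

```python
import re
from html import escape

# Constructed stand-in for the reflecting template described in the report:
# the "type" query parameter lands inside a div attribute (attribute name assumed).
TEMPLATE = '<div class="module" data-type="%s"></div>'

# Payload from the report's proof of concept (constructed copy for the check)
POC = '"></div><script>alert("xss")</script>'

# Assumed allow-list for module type identifiers: letters, digits, "_", "-", "/"
MODULE_TYPE_RE = re.compile(r"^[A-Za-z0-9_/-]+$")


def render_unsafe(type_value: str) -> str:
    """Vulnerable rendering: the raw value is concatenated into the attribute."""
    return TEMPLATE % type_value


def render_safe(type_value: str) -> str:
    """Hardened rendering: attribute-context encoding (quote=True encodes " and ')."""
    return TEMPLATE % escape(type_value, quote=True)


def is_valid_module_type(type_value: str) -> bool:
    """Defence in depth: reject anything outside the expected identifier alphabet."""
    return bool(MODULE_TYPE_RE.fullmatch(type_value))


def breaks_out(rendered: str) -> bool:
    """True if the value escaped the attribute and produced a script element."""
    return "<script>" in rendered.lower()


if __name__ == "__main__":
    print("unsafe:", render_unsafe(POC), "->", breaks_out(render_unsafe(POC)))
    print("safe:  ", render_safe(POC), "->", breaks_out(render_safe(POC)))
    print("allow-listed:", is_valid_module_type(POC))
```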
Impact
Arbitrary JavaScript executes with the privileges of the victim's user session. This can be used for cookie theft leading to account takeover, for example.
We are processing your report and will contact the microweber team within 24 hours.
a year ago
We have contacted a member of the microweber team and are waiting to hear back
a year ago