Cross-site scripting - DOM via view file function in microweber/microweber
Apr 28th 2022
In Modules -> Files, clicking a file opens a popup and appends a `select-file=` fragment to the URL; this fragment in the URL leads to DOM XSS.
Proof of Concept
Is this vulnerability CVE-ID signed?
Can I have a CVE for this report?
Typically, we won't assign CVEs to reports that have such low-security impact - however, if the maintainer is happy to assign and publish one, we can.
@maintainer - are you happy for a CVE to be assigned and published for this report?
Hi @admin @maintainer,
There's unfairness here, because another report in microweber with the same attack vector was marked high severity and has a bounty and a CVE, but mine is not :). I am so sorry because I don't understand.
You can see at https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687/
Please consider this for me.