Cross-site Scripting (XSS) - Reflected in microweber/microweber
Valid
Reported on
Feb 20th 2022
Description
The endpoint https://demo.microweber.org/demo/admin/post/{id}/edit is vulnerable to cross site scripting. The "Edit source" field is affected.
Proof of Concept
- Login into https://demo.microweber.org
- Navigate to https://demo.microweber.org/demo/admin/post/25/edit
- click EditSource, and put this payload:
<img src=x onerror=alert(1)>
- and click Ok
- The xss payload will be executed.
Impact
Cross site scripting attacks can lead to account takeover via cookie stealing, temporary webpage deface, redirections etc.
We are processing your report and will contact the
microweber
team within 24 hours.
a year ago
We have contacted a member of the
microweber
team and are waiting to hear back
a year ago
We have sent a
fix follow up to the
microweber
team.
We will try again in 7 days.
a year ago
to join this conversation