Cross-site Scripting (XSS) - Reflected in microweber/microweber


Reported on

Feb 19th 2022


Hi, the endpoint is vulnerable to cross-site scripting.

Proof of Concept

  1. Just navigate to the PoC URL:

  2. Now move your mouse on the page; you will see an XSS popup.

(Log in if the site asks.)


Cross-site scripting attacks can lead to account takeover via cookie stealing, temporary site defacement, redirecting users to attacker-controlled sites, etc.

We are processing your report and will contact the microweber team within 24 hours. 3 months ago
Peter Ivanov validated this vulnerability 3 months ago
Damanpreet has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on f7f5d4 3 months ago
Peter Ivanov has been awarded the fix bounty