Cross-site Scripting (XSS) - Reflected in microweber/microweber


Reported on

Feb 19th 2022


Hi, the endpoint is vulnerable to cross-site scripting.

Proof of Concept

  1. Just navigate to the PoC URL:

  2. Now move your mouse on the page; you will see an XSS popup.

(Log in if the site asks.)


Cross-site scripting attacks can lead to account takeover via cookie stealing, temporary site defacement, redirecting users to attacker-controlled sites, etc.

We are processing your report and will contact the microweber team within 24 hours. 2 years ago
Peter Ivanov validated this vulnerability 2 years ago
daman-preet-singh has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov marked this as fixed in 1.2.11 with commit f7f5d4 2 years ago
Peter Ivanov has been awarded the fix bounty