Cross-site Scripting (XSS) - Stored in microweber/microweber

Valid

Reported on

Jan 22nd 2022

Description

There is a persistent XSS Vulnerability exsists in the checkout page where we can able to execute any javascription in the last name field

We are processing your report and will contact the microweber team within 24 hours. a year ago
Nithissh12 modified the report
a year ago
We have contacted a member of the microweber team and are waiting to hear back a year ago
We have sent a follow up to the microweber team. We will try again in 7 days. a year ago
Peter Ivanov validated this vulnerability a year ago
Nithissh12 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov marked this as fixed in 1.2.11 with commit f017cb a year ago
Peter Ivanov has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation