CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3245 – Code Injection in display of tag title on saving tags in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-3245
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. Un ataque de inyección HTML está estrechamente relacionado con un ataque de tipo Cross-site Scripting (XSS). • https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-3242 – HTML code Injection in template search keyword in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-3242
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. Una Inyección de código en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3.2 • https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2777 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2777
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub microweber/microweber versiones anteriores a 1.3.1 • https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58 https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2470 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2470
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.21 • https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4 https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2495 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2495
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.21 • https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •