CVE-2023-47379

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

Microweber CMS versión 2.0.1 es vulnerable a Cross Site Scripting (XSS) almacenado a través de la funcionalidad de subida de archivos de imagen de perfil.

*Credits: N/A

CVSS Scores

NISTv3.1 5.4

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-06 CVE Reserved
2023-11-08 CVE Published
2024-09-03 CVE Updated
2024-11-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source
https://github.com/microweber/microweber/blob/master/CHANGELOG.md	Release Notes
https://www.getastra.com/blog/security-audit/stored-xss-vulnerability	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00	2023-11-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microweber Search vendor "Microweber"		Microweber Search vendor "Microweber" for product "Microweber"				2.0.1 Search vendor "Microweber" for product "Microweber" and version "2.0.1"		-		Affected