CVE-2022-0930: File upload filter bypass leading to stored XSS in microweber/microweber
First published: Sat Mar 12 2022(Updated: )
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microweber Microweber | <1.2.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-0930.
What is the severity of CVE-2022-0930?
The severity of CVE-2022-0930 is high with a severity value of 4.8.
Which software versions are affected by CVE-2022-0930?
Versions of Microweber prior to 1.2.12 are affected by CVE-2022-0930.
How can I fix CVE-2022-0930?
To fix CVE-2022-0930, you should update your Microweber installation to version 1.2.12 or later.
What is the Common Weakness Enumeration (CWE) identifier for this vulnerability?
The Common Weakness Enumeration (CWE) identifier for this vulnerability is CWE-79 and CWE-434.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/microweber
- canonical/microweber microweber