Microweber Cross Site Scripting (XSS) vulnerability · CVE-2024-41380 · GitHub Advisory Database · GitHub

Microweber Cross Site Scripting (XSS) vulnerability

Moderate severity GitHub Reviewed Published Aug 5, 2024 to the GitHub Advisory Database • Updated Aug 5, 2024

Package

microweber/microweber (Composer)

Affected versions

<= 2.0.16

Patched versions

None

Description

Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.

References

Published by the National Vulnerability Database

Aug 5, 2024

Published to the GitHub Advisory Database Aug 5, 2024

Reviewed Aug 5, 2024

Last updated Aug 5, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N