CVE-2022-3245
4.3
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Summary
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| microweber | microweber/microweber | unspecified < 1.3.2 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code
ADP Enrichment
CVE Program Container
Additional References
- https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
- https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
- https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.