CVE-2022-3245

Summary

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Affected Software

VendorProductVersion RangeStatus
microwebermicroweber/microweberunspecified < 1.3.2affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References