Reflected Cross-Site Scripting Vulnerability in Microweber Web Application
CVE-2024-40101
6.1 MEDIUM
Summary
A reflected Cross-Site Scripting vulnerability exists in the '/search' endpoint of the Microweber web application, specifically in versions 2.0.15 and earlier. This issue allows unauthenticated remote attackers to inject malicious web scripts or HTML through the 'keywords' parameter. Successful exploitation could enable attackers to execute arbitrary scripts in users' browsers, potentially leading to session hijacking, phishing, or further attacks on other user systems.
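For triage on a site running an affected version, the following added example (not code from Microweber or from this advisory) scans web server access logs for '/search' requests whose 'keywords' value decodes to HTML markup. It assumes combined-format logs and that the parameter arrives in the query string; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Triage heuristic: a tag opening/closing, an inline event handler, or a script URL.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_keywords(log_line):
    """Return the decoded 'keywords' value if a /search request carries markup, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rstrip("/") != "/search":
        return None
    # parse_qs performs the first round of decoding; fully_decode handles the rest.
    for raw in parse_qs(url.query, keep_blank_values=True).get("keywords", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /search?keywords=blue+shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /search?keywords=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2025:10:00:09 +0000] "GET /search?keywords=%253Cscript%253E HTTP/1.1" 200 5133 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2025:10:00:12 +0000] "GET /blog?keywords=%3Cb%3E HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_keywords(line)
        if hit is not None:
            print("review:", repr(hit), "<-", line.split(" ")[0])
```

A hit is a lead for review, not proof of exploitation: check the Referer and the response for that request to see whether the value was reflected unescaped.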
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved