Microweber versions 1.3.1 and prior are vulnerable to HTML injection that an attacker can use to redirect someone to a malicious site. A patch is available at commit 68f0721571653db865a5fa01c7986642c82e919c and expected to be part of version 1.3.2.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (fixed in 1.3.2)

Related CVEs

CVE-2022-3242

Key Information

GHSA ID

GHSA-232p-59mg-f98p

Published

September 21, 2022 12:00 AM

Last Modified

September 21, 2022 9:36 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.