Microweber 1.2.11 and prior contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (fixed in 1.2.12)

Related CVEs

CVE-2022-0954

Key Information

GHSA ID

GHSA-8c76-mxv5-w4g8

Published

March 16, 2022 12:00 AM

Last Modified

March 28, 2022 5:25 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.