HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. A patch is available on commit f20abf30a1d9c1426c5fb757ac63998dc5b92bfc and is anticipated to be part of version 1.3.2.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (fixed in 1.3.2)

Related CVEs

CVE-2022-3245

Key Information

GHSA ID

GHSA-gm8c-w9cm-c445

Published

September 21, 2022 12:00 AM

Last Modified

September 23, 2022 5:07 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.