Prior to Microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery (CSRF), fetch contents from same-site and redirect a user.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (fixed in 1.2.20)

Related CVEs

CVE-2022-2353

Key Information

GHSA ID

GHSA-gmh3-x5w7-jg5m

Published

July 10, 2022 12:00 AM

Last Modified

July 20, 2022 4:52 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.