Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-q3x2-jvp3-wj78

GitHub Security Advisory

Unrestricted XML files leading to cross-site scripting in Microweber

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.

Affected Packages

Packagist microweber/microweber
Affected versions: 0 (fixed in 1.2.12)

Related CVEs

CVE-2022-0963

Key Information

GHSA ID
GHSA-q3x2-jvp3-wj78
Published
March 16, 2022 12:00 AM
Last Modified
March 29, 2022 3:42 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
microweber/microweber
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.