PT-2021-20370 · Unknown · Microweber Cms
Nck0099 · Published 2021-10-19 · Updated 2021-10-25 · CVE-2021-33988
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Microweber CMS version 1.2.7
Description:
A cross-site scripting (XSS) issue exists in the Login form, allowing a malicious user to execute JavaScript by inserting code in the request form. This could potentially let attackers execute malicious scripts.
Recommendations:
For Microweber CMS version 1.2.7, consider disabling the Login form until a patch is available to prevent potential exploitation. Restrict access to the Login form to minimize the risk of XSS attacks. Avoid using the Login form with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Microweber Cms