CVE-2022-1439

Name of the Vulnerable Software and Affected Versions microweber/microweber versions prior to 1.2.15

Description The issue is related to reflected cross-site scripting (XSS) on the demo.microweber.org/demo/module/ endpoint. This allows the execution of arbitrary JavaScript as the attacked user. It is noted that the only payload found working requires the user to press "tab", but it is likely that a payload exists that can run without user interaction.

Recommendations For versions prior to 1.2.15, update to version 1.2.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the demo.microweber.org/demo/module/ endpoint until the update is applied.