CVE-2022-1504

Name of the Vulnerable Software and Affected Versions microweber/microweber versions prior to 1.2.15

Description The issue is related to a Cross-Site Scripting (XSS) attack in the /demo/module/?module=HERE endpoint. XSS attacks typically allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control. The impact of such attacks can be significant, including theft of user data or taking control of user sessions.

Recommendations For versions prior to 1.2.15, update to version 1.2.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the /demo/module/?module=HERE endpoint until a patch is applied.