PT-2022-16055 · Unknown · Microweber

Published 2022-07-09 · Updated 2023-07-06 · CVE-2022-2353

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.20
Description: The issue is due to improper neutralization of input, allowing an attacker to steal tokens, perform cross-site request forgery, fetch content from the same site, and redirect users.
Recommendations: For versions prior to 1.2.20, update to version 1.2.20 or later to resolve the issue. As a temporary workaround, consider implementing additional input validation and sanitization measures to minimize the risk of exploitation. Restrict access to sensitive tokens and ensure proper authentication and authorization mechanisms are in place to prevent unauthorized actions.

Exploit · Fix

XSS · CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-2353
GHSA-GMH3-X5W7-JG5M

Affected Products

Microweber