PT-2022-7080 · Unknown · Microweber

Published: 2022-01-19 · Updated: 2024-10-18 · CVE-2022-0378

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.11

Description: The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This is a reflected XSS vulnerability, which can be exploited via URL parameters. The vulnerability may allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or data theft.

Recommendations: For microweber/microweber versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the module endpoint, specifically the admin/modules/manage module, to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-07525
CVE-2022-0378
GHSA-3J58-P785-F27X

Affected Products

Microweber