CVE-2024-40101

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:30

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Aug/1 -

29 Aug 2024, 16:57

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en '/search' en microweber 2.0.15 y anteriores, que permite a atacantes remotos no autenticados inyectar scripts web o HTML arbitrarios a través del parámetro 'palabras clave'.
References () http://microweber.com - () http://microweber.com - Product
References () https://github.com/microweber/microweber/commit/0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79 - () https://github.com/microweber/microweber/commit/0dede6886c6df3d1f31c4f4e3ba1ab4a336fbf79 - Patch
References () https://seclists.org/fulldisclosure/2024/Aug/1 - () https://seclists.org/fulldisclosure/2024/Aug/1 - Mailing List, Third Party Advisory
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
First Time Microweber
Microweber microweber

06 Aug 2024, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-11-21 09:30


NVD link : CVE-2024-40101

Mitre link : CVE-2024-40101

CVE.ORG link : CVE-2024-40101


JSON object : View

Products Affected

microweber

  • microweber
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')