CVE-2022-0379

Description

There is a persistent XSS Vulnerability exsists in the checkout page where we can able to execute any javascription in the last name field

How to fix CVE-2022-0379

To remediate CVE-2022-0379, upgrade the affected package to a fixed version below.

• Packagist/microweber/microweber—upgrade to 1.2.11 or later

Is CVE-2022-0379 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.2.11

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0379
• PATCHgithub.com/microweber/microweber
• WEBgithub.com/microweber/microweber/commit/f017cbfbd5c4f097d2c78c5e15b6c8a9da479d7b
• WEBhuntr.dev/bounties/933f94b8-c5e7-4c3a-92e0-4d1577d5fee6