CVE-2022-0690

Description

microweber prior to version 1.2.11 is vulnerable to cross-site scripting.

How to fix CVE-2022-0690

To remediate CVE-2022-0690, upgrade the affected package to a fixed version below.

• Packagist/microweber/microweber—upgrade to 1.2.11 or later

Is CVE-2022-0690 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.2.11

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0690
• PATCHgithub.com/microweber/microweber
• WEBgithub.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2
• WEBhuntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9