CVE-2022-0723

Description

Microweber prior to 1.2.11 is vulnerable to reflected cross-site scripting.

How to fix CVE-2022-0723

To remediate CVE-2022-0723, upgrade the affected package to a fixed version below.

• Packagist/microweber/microweber—upgrade to 1.2.11 or later

Is CVE-2022-0723 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.2.11

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0723
• PATCHgithub.com/microweber/microweber
• WEBgithub.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5
• WEBhuntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5