.. / CVE-2022-0963

Exploit for Microweber <1.2.12 - Stored Cross-Site Scripting (CVE-2022-0963)

Description:

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.

Nuclei Template

View the template here CVE-2022-0963.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0963.yaml
Copy

References:

https://github.com/advisories/GHSA-q3x2-jvp3-wj78
https://nvd.nist.gov/vuln/detail/CVE-2022-0963
https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08