.. / CVE-2023-5244

Exploit for Microweber < V.2.0 - Cross-Site Scripting (CVE-2023-5244)

Description:

Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.

Nuclei Template

View the template here CVE-2023-5244.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-5244.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-5244
https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470
https://vuldb.com/?id.240778
https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470/
https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968