CVE-2022-0698 Information

Description

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter.

Reference

https://github.com/microweber/microweber/ https://fluidattacks.com/advisories/garrix/