Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-2130 PoC — Microweber 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-2130.yaml
Associated Vulnerability
Title:Microweber 跨站脚本漏洞 (CVE-2022-2130)
Description:Microweber是美国Microweber社区的一套可提供拖拽功能的网上商店管理系统。该系统包括添加商品、图片等模块。 Microweber 1.2.17之前版本存在跨站脚本漏洞,该漏洞源于index.php和cssjson.js文件缺失对于用户提交的输入数据的过滤和转义。
Description
Cross-site Scripting (XSS) vulnerability in the /demo/editor_tools/module endpoint via the 'type' parameter.
File Snapshot

 id: CVE-2022-2130

info:
  name: Microweber < 1.2.17 - Cross-Site Scripting
  author: ritikchaddha
 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.