CVE-2023-47379 — MEDIUM (5.4)

Vulnerability Description

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Microweber	Microweber	2.0.1

Related Weaknesses (CWE)

CWE-79

References

https://github.com/microweber/microweber/blob/master/CHANGELOG.mdRelease Notes
https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4Patch
https://www.getastra.com/blog/security-audit/stored-xss-vulnerability/Third Party Advisory
https://github.com/microweber/microweber/blob/master/CHANGELOG.mdRelease Notes
https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4Patch
https://www.getastra.com/blog/security-audit/stored-xss-vulnerability/Third Party Advisory

FAQ

What is CVE-2023-47379?

CVE-2023-47379 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.

How severe is CVE-2023-47379?

CVE-2023-47379 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-47379?

Check the references section above for vendor advisories and patch information. Affected products include: Microweber Microweber.