CVE-2022-2495 MEDIUM

CVE-2022-2495: Cross-site Scripting (XSS) - Stored in microweber/microweber

Vendor Microweber
Product microweber/microweber
Weakness CWE-79 · XSS
Published July 22, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.

Key dates

02Disclosure timeline

July 22, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-54718 WordPress Yogi - Health Beauty & Yoga theme <= 2.9.2 - Cross Site Scripting (XSS) vulnerability CVE-2026-27288 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-32195 WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-23366 Org.jboss.hal:hal-console: wildfly hal console cross-site scripting CVE-2024-4335 Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting