CVE-2022-3245 MEDIUM

CVE-2022-3245: Code Injection in display of tag title on saving tags in microweber/microweber

Vendor Microweber
Product microweber/microweber
Weakness CWE-94 · Code injection
Published September 20, 2022
Last update May 27, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Key dates

02Disclosure timeline

September 20, 2022 CVE published
May 27, 2025 Record updated