CVE-2023-3142 LOW

CVE-2023-3142: Cross-site Scripting (XSS) - Stored in microweber/microweber

Vendor Microweber
Product microweber/microweber
Weakness CWE-79 · XSS
Published June 7, 2023
Last update January 6, 2025
View on NVD All CVEs

CVSS base score

3.8/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

Key dates

02Disclosure timeline

June 7, 2023 CVE published
January 6, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0506 Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt CVE-2023-45007 WordPress Fotomoto Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting CVE-2023-48464 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting