CVE-2022-3245

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3245

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3245.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3245

Aliases

GHSA-gm8c-w9cm-c445

Published

2022-09-20T13:15:20Z

Modified

2025-12-04T10:25:39.515111Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Code Injection in display of tag title on saving tags in microweber/microweber

Details

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3245.json"
}

References

Affected packages

Git / github.com/microweber/microweber

Affected ranges

Type: GIT
Repo: https://github.com/microweber/microweber
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

68de7e91393cf707d308a0ceaeb0e301ab5eefcf

Affected versions

1.*

1.0.3

1.0.5-fix1

1.0.6

1.0.7

1.0.7-fix1

1.1

1.2.9

v1.*

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.20

v1.2.21

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1