CVE-2022-2174 Scanner

Microweber is an open-source content management system and website builder. It is designed to allow individuals and businesses to easily create websites and online stores without the need for coding knowledge. The platform utilizes a drag-and-drop interface, making it accessible to users of all skill levels. Microweber is built on top of the Laravel PHP framework, ensuring a robust and secure foundation for websites. It's popular among small to medium-sized businesses for its ease of use, flexibility, and comprehensive e-commerce solutions.

The vulnerability specifically exists due to improper handling of user input in the type parameter of the /api/module endpoint. By crafting a request that includes a malicious script in the type parameter, an attacker can execute arbitrary JavaScript code in the browser of any user who accesses the crafted URL. The absence of proper sanitization and output encoding makes the application vulnerable to XSS, where the attacker's code can run under the guise of the legitimate site.

The exploitation of this XSS vulnerability can lead to various adverse effects, including but not limited to, session hijacking, phishing attacks, redirection to malicious sites, and unauthorized access to sensitive information. It undermines the integrity and confidentiality of user sessions and can damage the reputation of businesses utilizing the Microweber platform for their websites or online stores.

SecurityForEveryone provides a robust platform for detecting and managing vulnerabilities like CVE-2022-2174 in Microweber and other digital assets. By becoming a member, users benefit from comprehensive security scans, real-time alerts, and expert recommendations to address vulnerabilities effectively. Our service enhances your cybersecurity posture, helping to protect your website against attacks and ensuring the safety of your data and your users' information.

References

• https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607/
• https://nvd.nist.gov/vuln/detail/CVE-2022-2174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2174
• https://www.tenable.com/cve/CVE-2022-2174
• https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961