CVE-2022-3245 Vulnerability Details

  /     /     /  

CVE-2022-3245 Metadata Quick Info

CVE Published: 20/09/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: @huntrdev | Vendor: microweber | Product: microweber/microweber
Status : PUBLISHED

---

CVE-2022-3245 Description

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-94
CWE Name: CWE-94 Improper Control of Generation of Code
Source: microweber

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).