Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-1163. PoCs published by Chetanya Sharma.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in MineWebCMS 1.15.2. The vulnerability allows an attacker to inject malicious scripts via the 'Link Name' and 'URL' fields in the admin navbar section, which then execute on the homepage.
Description
Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.
Exploits (1)
exploitdb
WRITEUP
by Chetanya Sharma · textwebappsphp
https://www.exploit-db.com/exploits/50853
This is a writeup describing a stored XSS vulnerability in MineWebCMS 1.15.2. The vulnerability allows an attacker to inject malicious scripts via the 'Link Name' and 'URL' fields in the admin navbar section, which then execute on the homepage.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
MineWebCMS 1.15.2
Auth required
Prerequisites:
Admin access to the MineWebCMS application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/44d40f34-c391-40c0-a517-12a2c0258149
Patch, Third Party Advisory x_refsource_misc
https://github.com/mineweb/minewebcms/commit/06ce52c20f208b0bbf24c6480d60332c9dd19428
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166629/minewebcms-1.15.2-Cross-Site-Scripting.html
Exploit, Third Party Advisory x_refsource_misc
https://www.exploit-db.com/exploits/50853
Scores
CVSS v3
4.8
EPSS
0.0351
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mineweb/minewebcms
< 1.15.2
Published
Mar 30, 2022
Tracked Since
Feb 18, 2026