Description
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
Patch, Third Party Advisory x_refsource_misc
https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
Scores
CVSS v3
6.1
EPSS
0.0043
EPSS Percentile
62.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
CWE-79
Status
published
Products (2)
microweber/microweber
< 1.3.2
microweber/microweber
0 - 1.3.2Packagist
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026