Microweber is an e-commerce CMS. When a user logs out, a reflected XSS occurs because the back end does not escape double quotes in the $redirect_to parameter.
$redirectUrl = str_replace("\r", "", $redirectUrl);
This issue was fixed by adding a call to the $clearInput->clean() function.
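The failure mode described above, as an added example that is not Microweber's code: a filter that strips only "\r" beside a hardened version. The function names, the `href` attribute sink and the same-site path rule are assumptions for illustration; the page does not show where the value is emitted or what clean() does internally.

```php
<?php
// Added illustration. render_weak(), render_hardened() and the <a href> sink
// are hypothetical; they are not taken from the Microweber code base.

// Weak: mirrors the page's filter, which removes only carriage returns.
function render_weak(string $redirectUrl): string
{
    $redirectUrl = str_replace("\r", "", $redirectUrl);
    return '<a href="' . $redirectUrl . '">Continue</a>';
}

// Hardened: accept only a same-site path, then encode for the attribute
// context so a quote in the value cannot close the attribute.
function render_hardened(string $redirectUrl, string $fallback = '/'): string
{
    $redirectUrl = str_replace(["\r", "\n"], "", $redirectUrl);

    $parts = parse_url($redirectUrl);
    $isLocalPath = is_array($parts)
        && !isset($parts['scheme'])
        && !isset($parts['host'])
        // Must start with one "/" and not "//" or "/\" (scheme-relative forms).
        && preg_match('#^/(?![/\\\\])#', $redirectUrl) === 1;

    if (!$isLocalPath) {
        $redirectUrl = $fallback;
    }

    // ENT_QUOTES encodes both " and ', covering either attribute quoting style.
    $safe = htmlspecialchars($redirectUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '">Continue</a>';
}

// Constructed sample input: a double quote followed by a harmless attribute.
$sample = '/home" data-injected="1';

// Weak output: the quote ends href, so data-injected becomes a real attribute.
echo render_weak($sample), PHP_EOL;

// Hardened output: the quotes are emitted as &quot; and stay inside href.
echo render_hardened($sample), PHP_EOL;

// An absolute URL to another host is replaced by the fallback path.
echo render_hardened('https://other.example/'), PHP_EOL;
```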
1. Log in to any account.
- 2022-02-18 15h 48m : Reported this issue via huntr
- 2022-02-18 19h 48m : Issue validated by Peter Ivanov
- 2022-02-18 19h 48m : Issue patched by Peter Ivanov
- 2022-02-18 19h 48m : Assigned CVE-2022-0678