Full Disclosure mailing list archives

Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8


From: Daniel Bishtawi <daniel () netsparker com>
Date: Mon, 7 Jan 2019 09:43:02 +0100

Hi Henri,

There was no response after the details had been sent to
peter () microweber com as requested by Microweber (info () microweber com).
They did not follow up with an update on the status of the fix once the
technical details had been sent, as requested, and did not respond when we
tried to contact them. This is case closed from our point of view as the
technical details had been sent in April for an older version.

Regards,

Daniel Bishtawi
Marketing Administrator | Netsparker Web Application Security Scanner
Tel: +44 (0)20 3588 3843
Follow us on Twitter <https://twitter.com/netsparker> | LinkedIn
<https://www.linkedin.com/company/netsparker-ltd> | Facebook
<https://facebook.com/netsparker>


On Sat, Jan 5, 2019 at 1:32 PM Henri Salo <henri () nerv fi> wrote:

On Thu, Jan 03, 2019 at 10:45:36AM +0100, Daniel Bishtawi wrote:
We are glad to inform you about the vulnerabilities we reported in
Microweber 1.0.8.
Affected Versions: 1.0.8
Homepage: https://github.com/microweber/microweber
Status: Not Fixed
CVE-ID: CVE-2018-19917
Netsparker Advisory Reference: NS-18-038


https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber/
13th April 2018 - First Contact
14th April 2018 - Technical Details Sent
28th June 2018 - Attempted to Contact
3rd January 2019 - Advisory Released

How did you contact vendor? Are you sure that they didn't fix this? Latest
version is 1.1.2 according to https://microweber.com/download. Do you plan to
follow-up on this or is this case closed from your point of view?

--
Henri Salo


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

