[microweber/microweber] Unrestricted file upload leads to stored cross-site scripting in Microweber

Microweber prior to version 1.2.12 allows unrestricted file upload, which could lead to stored cross-site scripting.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-0906
• https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68
• https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8
• https://github.com/advisories/GHSA-hf4q-52×6-4p57