Microweber prior to version 1.2.12 allows unrestricted file upload, which could lead to stored cross-site scripting. References https://nvd.nist.gov/vuln/detail/CVE-2022-0906 https://github.com/microweber/microweber/commit/d9bae9df873c2d2a13a2eb08d512019d49ebca68 https://huntr.dev/bounties/87ed3b42-9824-49b0-91a5-fd908a0601e8 https://github.com/advisories/GHSA-hf4q-52×6-4p57