[microweber/microweber] Unrestricted XML files leading to cross-site scripting in Microweber

Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-0963
• https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08
• https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
• https://github.com/advisories/GHSA-q3x2-jvp3-wj78