What is CVE-2023-2014?

CVE-2023-2014 is a medium-severity vulnerability affecting the microweber/microweber GitHub repository, specifically the Settings/Template module in versions up to 1.3.2. This Cross-site Scripting (XSS) vulnerability can impact web applications using the microweber/microweber project, potentially compromising the security of affected systems. Users are advised to update to version 1.3.3 or later to mitigate the risk associated with this vulnerability.

Who is impacted by this?

This issue is a Cross-site Scripting (XSS) vulnerability that can impact web applications built with the microweber/microweber project, potentially compromising the security of affected systems.

What should I do if I’m affected?

If you're affected by the CVE-2023-2014 vulnerability, it's important to take action to protect your system. Follow these simple steps to mitigate the risk:

1. Update your microweber/microweber software to version 1.3.3 or later.

2. Ensure you follow secure coding practices to prevent future vulnerabilities.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-2014 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This Cross-site Scripting (XSS) vulnerability was published on April 12, 2023. To address this issue, users should apply the patch provided in the microweber/microweber GitHub repository commit 1a9b904722b35b00653c6ae72dca2969149159b3.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-79, which is a Cross-site Scripting (XSS) issue affecting the microweber/microweber project prior to version 1.3.3.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

• NVD - CVE-2023-2014

• huntr - The world’s first bug bounty platform for AI/ML