CVE-2022-0690: 
PHP vulnerability analysis and mitigation

Cross-site Scripting (XSS) - Reflected vulnerability was discovered in Packagist microweber/microweber versions prior to 1.2.11, identified as CVE-2022-0690. The vulnerability was disclosed on February 19, 2022, affecting the Microweber content management system (NVD, CVE).

The vulnerability is classified as a Reflected Cross-site Scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 base score is 6.1 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, though huntr.dev assessed it at 8.8 (HIGH) with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow attackers to execute malicious scripts in a user's browser context, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks. The impact is considered significant as it affects the content management system's admin interface (NVD).

The vulnerability was patched in version 1.2.11 of microweber/microweber. Users are advised to upgrade to this version or later to mitigate the risk. The fix implements proper input validation for content IDs across multiple controller files (Github Patch).