CVE-2023-47379: 
PHP vulnerability analysis and mitigation

Microweber CMS version 2.0.1 was discovered to contain a stored Cross-Site Scripting (XSS) vulnerability via the profile picture file upload functionality. The vulnerability was identified and assigned CVE-2023-47379, with a CVSS v3.1 base score of 5.4 (Medium severity) (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It affects the profile picture upload functionality in Microweber CMS version 2.0.1. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, low attack complexity, low privileges, and user interaction (NVD).

The stored XSS vulnerability can lead to various security risks including data theft, session hijacking, and potential website defacement. Attackers could steal user cookies and information, perform unauthorized actions on behalf of victims, and potentially trigger malware downloads (Astra).

The vulnerability has been patched in subsequent versions of Microweber CMS. Users are advised to update to the latest security version once released. The fix involves improved input validation and sanitization of file uploads (Astra, Microweber Changelog).