microweber/microweber prior to 1.3.3 is vulnerable to stored cross-site scripting (XSS) via the X-Forwarded-For header. This was fixed in version 1.3.3.
もっと詳しく