Total
99 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4647 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-4732 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 7.2 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2023-1081 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | |||||
CVE-2023-0608 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-4617 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-3245 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.1 MEDIUM |
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | |||||
CVE-2022-2777 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | |||||
CVE-2022-3242 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.1 MEDIUM |
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2021-36461 | 1 Microweber | 1 Microweber | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | |||||
CVE-2022-2368 | 1 Microweber | 1 Microweber | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | |||||
CVE-2022-2470 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. | |||||
CVE-2022-2495 | 1 Microweber | 1 Microweber | 2024-02-28 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. | |||||
CVE-2022-2300 | 1 Microweber | 1 Microweber | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | |||||
CVE-2022-2353 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | |||||
CVE-2022-0724 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-0968 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.0 MEDIUM | 5.5 MEDIUM |
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-1584 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim | |||||
CVE-2022-2280 | 1 Microweber | 1 Microweber | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | |||||
CVE-2022-2174 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | |||||
CVE-2022-0638 | 1 Microweber | 1 Microweber | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. |