Vulnerabilities (CVE)

Filtered by vendor Microweber Subscribe
Filtered by product Microweber
Total 99 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4647 1 Microweber 1 Microweber 2024-02-28 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4732 1 Microweber 1 Microweber 2024-02-28 N/A 7.2 HIGH
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2023-1081 1 Microweber 1 Microweber 2024-02-28 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-0608 1 Microweber 1 Microweber 2024-02-28 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4617 1 Microweber 1 Microweber 2024-02-28 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-3245 1 Microweber 1 Microweber 2024-02-28 N/A 6.1 MEDIUM
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
CVE-2022-2777 1 Microweber 1 Microweber 2024-02-28 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
CVE-2022-3242 1 Microweber 1 Microweber 2024-02-28 N/A 6.1 MEDIUM
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2021-36461 1 Microweber 1 Microweber 2024-02-28 6.5 MEDIUM 8.8 HIGH
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
CVE-2022-2368 1 Microweber 1 Microweber 2024-02-28 7.5 HIGH 9.8 CRITICAL
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVE-2022-2470 1 Microweber 1 Microweber 2024-02-28 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
CVE-2022-2495 1 Microweber 1 Microweber 2024-02-28 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVE-2022-2300 1 Microweber 1 Microweber 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-2353 1 Microweber 1 Microweber 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVE-2022-0724 1 Microweber 1 Microweber 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0968 1 Microweber 1 Microweber 2024-02-28 4.0 MEDIUM 5.5 MEDIUM
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-1584 1 Microweber 1 Microweber 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
CVE-2022-2280 1 Microweber 1 Microweber 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-2174 1 Microweber 1 Microweber 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVE-2022-0638 1 Microweber 1 Microweber 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.