6CVSS
7.3AI Score
0.0004EPSS
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET...
7.5CVSS
6.9AI Score
0.001EPSS
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to...
3.1CVSS
7.4AI Score
0.0004EPSS
5.9CVSS
7.3AI Score
0.0005EPSS
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms...
8.8CVSS
8.1AI Score
0.012EPSS
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload...
5.4CVSS
6.3AI Score
0.001EPSS
4.6CVSS
7.3AI Score
0.0004EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
6.4CVSS
6AI Score
0.0004EPSS
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to...
5.8CVSS
7.6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
5CVSS
6.1AI Score
0.002EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
3.8CVSS
5.3AI Score
0.001EPSS
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to...
7.1CVSS
6.4AI Score
0.001EPSS
Improper Privilege Management in GitHub repository microweber/microweber prior to...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to...
5.3CVSS
5AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
7.4CVSS
5.3AI Score
0.001EPSS
6.1CVSS
9.8AI Score
0.002EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
5.7CVSS
4.9AI Score
0.001EPSS
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted.....
6.1CVSS
5.9AI Score
0.001EPSS
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this...
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to...
6.3CVSS
5.3AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to...
7.2CVSS
7AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
6.1CVSS
6.1AI Score
0.001EPSS
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file'...
6.1CVSS
6AI Score
0.001EPSS
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection...
8.8CVSS
8.8AI Score
0.002EPSS
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user...
6.1CVSS
6.2AI Score
0.001EPSS
6.1CVSS
6.5AI Score
0.021EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
5.4CVSS
5.3AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
4.8CVSS
4.9AI Score
0.001EPSS
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code,...
8.8CVSS
8.6AI Score
0.001EPSS
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to...
9.8CVSS
9.5AI Score
0.002EPSS
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a...
6.1CVSS
6.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
5.4CVSS
5.3AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
5.4CVSS
5.3AI Score
0.001EPSS
6.1CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
6.1CVSS
6AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
6.1CVSS
6AI Score
0.001EPSS
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
8.8CVSS
8.7AI Score
0.055EPSS
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the...
6.1CVSS
6AI Score
0.001EPSS
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal...
6.1CVSS
6.1AI Score
0.001EPSS
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS...
6.1CVSS
6AI Score
0.001EPSS
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user...
6.1CVSS
5.9AI Score
0.001EPSS
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to...
7.5CVSS
7.8AI Score
0.001EPSS
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to...
5.5CVSS
5.3AI Score
0.001EPSS
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to...
5.4CVSS
5.2AI Score
0.001EPSS
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to...
5.5CVSS
5.3AI Score
0.001EPSS
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to...
5.4CVSS
5.4AI Score
0.001EPSS
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to...
4.8CVSS
4.8AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS