Microweber Security Vulnerabilities

CVE-2022-0930

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-03-12 02:15 PM
79

CVE-2022-0929

XSS on dynamic_text module in GitHub repository microweber/microweber prior to...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-03-12 11:15 AM
77

CVE-2022-0926

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-03-12 10:15 AM
78

CVE-2022-0921

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to...

6.7 CVSS

6.7 AI Score

0.001 EPSS

2022-03-11 06:15 PM
78

CVE-2022-0928

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-03-11 11:15 AM
149

CVE-2022-0913

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-03-11 10:15 AM
87

CVE-2022-0912

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to...

4.8 CVSS

5 AI Score

0.001 EPSS

2022-03-11 10:15 AM
91

CVE-2022-0906

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-03-10 03:15 PM
75

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-03-10 11:15 AM
90

CVE-2022-0896

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to...

8.8 CVSS

8.6 AI Score

0.003 EPSS

2022-03-09 12:15 PM
77

CVE-2022-0855

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2022-03-04 07:15 PM
65

CVE-2022-0777

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-03-01 09:15 AM
74

CVE-2022-0723

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-02-26 11:15 AM
78

CVE-2022-0763

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-02-26 10:15 AM
86

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to...

5.5 CVSS

4.5 AI Score

0.001 EPSS

2022-02-26 10:15 AM
75

CVE-2022-0724

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-02-23 11:15 AM
78

CVE-2022-0721

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-02-23 11:15 AM
74

CVE-2022-0719

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-02-23 11:15 AM
86

CVE-2022-0688

Business Logic Errors in Packagist microweber/microweber prior to...

4.9 CVSS

4.9 AI Score

0.001 EPSS

2022-02-20 03:15 PM
83

CVE-2022-0690

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-02-19 05:15 PM
87

CVE-2022-0689

Use of the one-time coupon multiple times in Packagist microweber/microweber prior to...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2022-02-19 04:15 PM
86

CVE-2022-0678

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-02-19 11:15 AM
74

CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to...

7.5 CVSS

7.5 AI Score

0.029 EPSS

2022-02-18 03:15 PM
58

CVE-2022-0660

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to...

7.5 CVSS

7.3 AI Score

0.006 EPSS

2022-02-18 11:15 AM
86

CVE-2022-0638

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2022-02-17 05:15 PM
78

CVE-2022-0597

Open Redirect in Packagist microweber/microweber prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-02-15 02:15 PM
81

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2022-02-15 02:15 PM
70

CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-02-11 01:15 PM
75

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to...

7.2 CVSS

6.9 AI Score

0.041 EPSS

2022-02-11 09:15 AM
91

CVE-2022-0558

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-02-10 10:15 AM
74

CVE-2022-0505

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-02-08 09:15 AM
47

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2022-02-08 09:15 AM
59

CVE-2022-0506

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-02-08 09:15 AM
38

CVE-2022-0378

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-01-26 04:15 PM
63

CVE-2022-0379

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-01-26 04:15 PM
43

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2022-01-20 12:15 PM
35

CVE-2022-0281

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to...

7.5 CVSS

7.3 AI Score

0.004 EPSS

2022-01-20 11:15 AM
45

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-01-20 10:15 AM
48

CVE-2022-0278

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-01-20 10:15 AM
40

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2021-10-19 05:15 PM
40

CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

7.2 CVSS

7.3 AI Score

0.034 EPSS

2021-02-15 08:15 PM
89

CVE-2020-23138

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2020-11-09 06:15 PM
21

CVE-2020-23139

Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2020-11-09 06:15 PM
26

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains...

8.1 CVSS

8 AI Score

0.002 EPSS

2020-11-09 06:15 PM
14

CVE-2020-23136

Microweber v1.1.18 is affected by no session expiry after...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2020-11-09 06:15 PM
14

CVE-2020-13405

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST...

7.5 CVSS

7.3 AI Score

0.01 EPSS

2020-07-16 07:15 PM
86

CVE-2020-13241

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2020-05-20 07:15 PM
17

CVE-2018-19917

Microweber 1.0.8 has reflected cross-site scripting (XSS)...

6.1 CVSS

6.1 AI Score

0.024 EPSS

2019-03-21 04:00 PM
21

CVE-2018-17104

An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via...

8.8 CVSS

8.7 AI Score

0.005 EPSS

2018-09-16 09:29 PM
17

CVE-2013-5984

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file...

6.8 AI Score

0.004 EPSS

2014-05-12 02:55 PM
17

Total number of security vulnerabilities: 100