Microweber Information Disclosure

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0281 info: name: Microweber Information Disclosure author: pikpikcu severity: high description: Microweber contains a...

Microweber < 1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. id: CVE-2022-0928 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: |...

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

Microweber <1.2.11 - Stored Cross-Site Scripting

Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. id: CVE-2022-0954 info: name: Microweber 1.2.11 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microwebe...

Microweber < 1.2.11 - Open Redirection

Open Redirect in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0597 info: name: Microweber 1.2.11 - Open Redirection author: Farish severity: medium description: | Open Redirect in Packagist microweber/microweber prior to 1.2.11. impact: | Attackers can redirect users to malicious...

Microweber < V.2.0 - Cross-Site Scripting

Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint. id: CVE-2023-5244 info: name: Microweber V.2.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Reflected Cross-Site Scripting Vulnerability in types GET paramete...

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

Microweber <1.2.15 - Cross-Site Scripting

Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch oth...

Microweber <1.3.2 - Cross-Site Scripting

Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2. id: CVE-2022-3242 info: name: Microweber 1.3.2 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Code Injection in on search.php?keywords= GitHub repository microweber/microweber...

Microweber <1.1.20 - Information Disclosure

Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...

microweber 1.2.18 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.2.18. id: CVE-2022-2174 info: name: microweber 1.2.18 - Cross-site Scripting author: r3Y3r53 severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber...

Microweber Cross-Site Scripting

Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0378 info: name: Microweber Cross-Site Scripting author: pikpikcu severity: medium description: Microweber contains a reflected cross-site scripting in Packagist...

Microweber <1.2.11 - Cross-Site Scripting

Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. id: CVE-2022-0678 info: name: Microweber 1.2.11 - Cross-Site Scripting...

Microweber <1.2.11 - Information Disclosure

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from loadmodule:commentssearch=. An attacker can possibly obtain sensitive information, modify data, and/or execute...

CVE-2026-12198

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

EUVD-2026-36674

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

CVE-2026-12198

CVE-2026-12198 affects Microweber up to 2.0.20. The vulnerability is in the API Endpoint file /api_nosession/thumbnail_img, specifically the function userfiles_path, where manipulating the argument cache_path_relative can cause a path traversal. It is possible to launch the attack remotely, and p...