CVE-2025-70792

A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...

CVE-2022-0929

XSS on dynamictext module in GitHub repository microweber/microweber prior to 1.2.11...

EUVD-2020-15892

Malware in sbrugna...

EUVD-2022-1400

Malicious code in bioql PyPI...

EUVD-2022-7267

Malicious code in bioql PyPI...

EUVD-2022-1320

Malicious code in bioql PyPI...

EUVD-2022-0659

Malicious code in bioql PyPI...

EUVD-2023-3015

Malicious code in bioql PyPI...

CVE-2024-41380

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\tags\addtaggingtagged.php...

CVE-2022-4647

Cross-site Scripting XSS - Stored in GitHub repository microweber/microweber prior to 1.3.2...

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to 1.3.2...

CVE-2022-1036

Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12...

CVE-2022-0678

Cross-site Scripting XSS - Reflected in Packagist microweber/microweber prior to 1.2.11...

CVE-2022-2777

Cross-site Scripting XSS - Stored in GitHub repository microweber/microweber prior to 1.3.1...

CVE-2022-2300

Cross-site Scripting XSS - Stored in GitHub repository microweber/microweber prior to 1.2.19...

CVE-2020-23136

Microweber v1.1.18 is affected by no session expiry after log-out...

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11...

CVE-2022-0378

Cross-site Scripting XSS - Reflected in Packagist microweber/microweber prior to 1.2.11...

GHSA-J4V9-CM37-H7C2 Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...