1374 matches found
CVE-2024-58289
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
CVE-2024-58289 Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...
CVE-2024-58289
CVE-2024-58289 describes a stored cross-site scripting (XSS) in Microweber 2.0.15, where an authenticated attacker can inject script payloads into user profile fields (notably the First Name) that execute when other users view the profile. Multiple connected sources confirm the vulnerability and ...
Microweber 跨站脚本漏洞
Microweber is Microweber open source online store management system that provides drag and drop functionality. The system includes modules for adding products, images and more. A cross-site scripting vulnerability exists in Microweber version 2.0.15, which stems from the presence of stored...
PT-2025-50743
Name of the Vulnerable Software and Affected Versions Microweber version 2.0.15 Description The software contains a stored cross-site scripting issue that allows authenticated attackers to inject malicious scripts into user profile fields. Specifically, attackers can input script payloads into th...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
Microweber CMS 安全漏洞
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in version 2.0 of Microweber CMS, which stems from lax password requirements and could lead to account cracking...
EUVD-2025-35888
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
Weak Password Requirements
Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Weak Password Requirements in the password reset process. An attacker can gain unauthorized access to user or administrative accounts using weak passwords that are easily...
PT-2025-43670
Name of the Vulnerable Software and Affected Versions Microweber CMS version 2.0 Description The application does not enforce minimum password length or complexity during password resets. This allows users to set weak passwords, including single-character passwords, potentially leading to account...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
CVE-2025-60954 affects Microweber CMS 2.0, where the password reset flow enforces no minimum length or complexity, allowing extremely weak (even single-character) passwords and risking account compromise, including admin accounts. The vulnerability surface is the password reset process in Microwe...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
EUVD-2013-5814
Malware in sbrugna...
EUVD-2020-15892
Malware in sbrugna...
EUVD-2021-2263
Malware in sbrugna...
EUVD-2020-15893
Malware in sbrugna...
EUVD-2014-9283
Malware in sbrugna...