37 matches found
CVE-2022-0277
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688 Business Logic Errors in microweber/microweber
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0690 Cross-site Scripting (XSS) - Reflected in microweber/microweber
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0689 Use multiple time the one-time coupon in microweber/microweber
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11...
GHSA-HHRJ-WP42-32V3 Generation of Error Message Containing Sensitive Information in microweber
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...
CRLF Injection in microweber
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...
CRLF injection
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0666 CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0666
CVE-2022-0666 affects microweber/microweber prior to 1.2.11. The vulnerability is a CRLF Injection caused by lack of filtering in redirects (notably the redirect_to/redirectUrl path), leading to stack trace exposure. Nuclei and Veracode listings corroborate the issue and note potential impact suc...
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...
Information disclosure
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0638 Cross-Site Request Forgery (CSRF) in microweber/microweber
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
Input validation
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0597 Open Redirect in microweber/microweber
Open Redirect in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0596 Improper Validation of Specified Quantity in Input in microweber/microweber
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0557
OS Command Injection in Packagist microweber/microweber prior to 1.2.11...