14 matches found
CVE-2022-4732
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2...
CVE-2022-0719
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...
Microweber Cross Site Scripting (XSS) vulnerability
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\addtaggingtagged.php...
PT-2022-27783 · Microweber · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.2 Description: The issue is related to Cross-site Scripting (XSS) - Reflected, which occurs when an application includes user input in its responses without proper validation, allowing an attacker to...
PT-2022-18575 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.1 Description: The issue is related to Cross-site Scripting (XSS) - Stored. In the GitHub repository microweber/microweber, the title parameter in the body of a POST request when creating or editing a...
Cross-site Scripting in microweber
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19...
Cross-site Scripting in microweber
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19...
CVE-2022-2130 Cross-site Scripting (XSS) - Reflected in microweber/microweber
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17...
CVE-2022-0777 Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0762 Incorrect Authorization in microweber/microweber
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0719 Cross-site Scripting (XSS) - Reflected in microweber/microweber
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3...
Privilege Escalation
microweber/microweber is vulnerable to privilege escalation. Using a one-time coupon multiple times allows an attacker to manipulate the One-Time-Coupon Handler using malicious input...
Cross Site Request Forgery (CSRF)
microweber/microweber is susceptible to a cross-site request forgery (CSRF) attack. It allows the attacker to add an administrative account via the api/saveuser URL by misleading an admin user into clicking on the malicious link...