67 matches found
CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal
A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /apinosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...
CVE-2025-70792
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...
CVE-2022-0912
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11...
CVE-2022-0961
The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2024-58289
CVE-2024-58289 describes a stored cross-site scripting (XSS) in Microweber 2.0.15, where an authenticated attacker can inject script payloads into user profile fields (notably the First Name) that execute when other users view the profile. Multiple connected sources confirm the vulnerability and ...
EUVD-2013-5814
Malware in sbrugna...
EUVD-2021-23063
Malware in sbrugna...
EUVD-2022-5825
Malicious code in bioql PyPI...
EUVD-2023-3258
Malicious code in bioql PyPI...
EUVD-2022-1446
Malicious code in bioql PyPI...
EUVD-2022-1573
Malicious code in bioql PyPI...
EUVD-2022-1048
Malicious code in bioql PyPI...
EUVD-2022-1365
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization, which allows malicious scripts to be injected into user profile fields and then execute in admin browsers...
Reflected Cross Site Scripting (XSS)
microweber/microweber is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...
CVE-2024-40101
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...
CVE-2024-33297
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...
CVE-2024-33298
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=adminbackup...
CVE-2023-48122
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method...