Lucene search
+L

1377 matches found

NVD
NVD
added 2021/10/19 5:15 p.m.26 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.1CVSS0.01029EPSS
Exploits1References1
OSV
OSV
added 2021/10/19 5:15 p.m.14 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.1CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2021/10/19 5:15 p.m.17 views

Cross site scripting

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

4.3CVSS6.2AI score0.01029EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 4:53 p.m.32 views

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

6.4AI score0.01029EPSS
Exploits1References1
CVE
CVE
added 2021/10/19 4:53 p.m.70 views

CVE-2021-33988

CVE-2021-33988 is a Cross-Site Scripting (XSS) vulnerability reported in Microweber CMS version 1.2.7 accessible via the Login form. The concrete details from connected sources state that an attacker could inject and execute Javascript by placing code in the login request form, enabling a client-...

6.1CVSS6.2AI score0.01029EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.6 views

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber CMS version 1.2.7, which can be exploited ...

6.1CVSS6.5AI score0.01029EPSS
Exploits1References3
Huntr
Huntr
added 2021/10/17 10:57 a.m.5 views

in microweber/microweber

Description I create a coupon only for one user and also is one-time use coupon. then create two user and both of them can use the coupon but only one of them should able to use the coupon...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/09/13 3:59 p.m.10 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description Attacker able to delete any file In Files module if this module enabled there isn't any csrf protection in this endpoint. Proof of Concept After open the PoC.html file you can see that the file with name 1.jpg will be deleted. //PoC.html history.pushState'', '', '/'...

2AI score
Exploits0
Huntr
Huntr
added 2021/09/09 11:52 a.m.11 views

Improper Privilege Management in microweber/microweber

✍️ Description A simple user without Super Admin access is able to add further users to the system. 🕵️‍♂️ Proof of Concept BurpSuite or proxy utility is required - 1;Simply add a simple User roled user USER A . - 2; Log in with USER A - 3; Obtain the X-Csrf-Token and the Cookie value of USER A - 4;...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/09/09 11:19 a.m.6 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html and you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '', '/' document.forms0.submit; 💥 Impact Here a user with id value 3...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/07/30 2:11 p.m.8 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to batch delete any Website pages if knows the pages id parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the files with id from 9 to 15 have been deleted...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/07/20 3:4 a.m.11 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description microweber is vulnerable to Cross-site request forgery. The app is not checking the CSRF token when adding new products to the cart. 🕵️‍♂️ Proof of Concept HTML content: HTML setTimeout = form.submit; , 2000; 1. Save the above content into an HTML file. 2. Open the file on the...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/20 2:52 a.m.14 views

Business Logic Errors in microweber/microweber

✍️ Description microweber is vulnerable to Business Logic error through negative product price. 🕵️‍♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Access the app localhost and add a product to the cart. 3. Open the HTML file and click on submit button to take...

0.5AI score
Exploits0
CNVD
CNVD
added 2021/06/28 12:0 a.m.12 views

Microweber has a file upload vulnerability

Microweber is a new generation of CMS generation tools. Microweber suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the server...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/10 12:0 a.m.189 views

Microweber CMS 1.1.20 Remote Code Execution

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...

6.5CVSS0.1AI score0.16611EPSS
Exploits4
0day.today
0day.today
added 2021/05/10 12:0 a.m.100 views

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...

7.2CVSS0.1AI score0.16611EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/10 12:0 a.m.183 views

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...

7.2CVSS7AI score0.16611EPSS
Exploits4
Veracode
Veracode
added 2021/02/16 1:24 a.m.16 views

Arbitrary File Write

microweber is vulnerable to arbitrary file write. The vulnerability exists because a user with administrative level privilege can write files via the backup restore feature by uploading a malicious constructed ZIP file with file paths including relative paths i.e., ../../, moving this file into t...

7.2CVSS3.9AI score0.16611EPSS
Exploits4References4Affected Software1
NVD
NVD
added 2021/02/15 8:15 p.m.43 views

CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

7.2CVSS0.16611EPSS
Exploits4References4
OSV
OSV
added 2021/02/15 8:15 p.m.22 views

CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

7.2CVSS7.8AI score0.16611EPSS
Exploits4References4
Rows per page
Query Builder