Microweber Security Vulnerabilities

CVE-2023-6832

Business Logic Errors in GitHub repository microweber/microweber prior to...

CVSS: 4.3, AI Score: 4.8, EPSS: 0.0004

2023-12-15 01:15 AM
12

CVE-2023-6599

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to...

CVSS: 4.3, AI Score: 4.3, EPSS: 0.0004

2023-12-08 12:15 AM
7

CVE-2023-6566

Business Logic Errors in GitHub repository microweber/microweber prior to...

CVSS: 6.5, AI Score: 6, EPSS: 0.0005

2023-12-07 12:15 AM
5

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET...

CVSS: 7.5, AI Score: 7.2, EPSS: 0.001

2023-12-08 04:15 AM
11

CVE-2023-49052

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.012

2023-11-30 07:15 AM
22

CVE-2023-47379

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2023-11-08 05:15 PM
19

CVE-2023-5976

Improper Access Control in GitHub repository microweber/microweber prior to...

CVSS: 4.3, AI Score: 4.6, EPSS: 0.0004

2023-11-07 04:24 AM
13

CVE-2023-5861

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 4.8, AI Score: 5, EPSS: 0.0004

2023-10-31 01:15 AM
19

CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to...

CVSS: 7.5, AI Score: 6.4, EPSS: 0.001

2023-09-30 01:15 AM
73

CVE-2023-5244

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 5.4, EPSS: 0.002

2023-09-28 01:15 AM
19

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to...

CVSS: 5.5, AI Score: 4.5, EPSS: 0.001

2022-02-26 10:15 AM
75

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to...

CVSS: 7.5, AI Score: 7.2, EPSS: 0.001

2022-01-20 12:15 PM
35

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.002

2022-03-10 11:15 AM
90

CVE-2022-2368

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to...

CVSS: 9.8, AI Score: 9.5, EPSS: 0.002

2022-07-11 08:15 AM
53
10

CVE-2022-2353

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-07-09 09:15 AM
50
10

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to...

CVSS: 4.3, AI Score: 4.5, EPSS: 0.001

2022-02-15 02:15 PM
70

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to...

CVSS: 6.5, AI Score: 6.3, EPSS: 0.001

2022-01-20 10:15 AM
48

CVE-2023-3142

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 4.6, EPSS: 0.001

2023-06-07 03:15 PM
21

CVE-2023-2240

Improper Privilege Management in GitHub repository microweber/microweber prior to...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2023-04-22 01:15 AM
18

CVE-2023-2239

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to...

CVSS: 6.5, AI Score: 6.5, EPSS: 0.001

2023-04-22 05:15 PM
21

CVE-2023-2014

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to...

CVSS: 4.8, AI Score: 4.9, EPSS: 0.001

2023-04-13 02:15 AM
19

CVE-2023-1877

Command Injection in GitHub repository microweber/microweber prior to...

CVSS: 9.8, AI Score: 7, EPSS: 0.002

2023-04-05 05:15 PM
50

CVE-2023-1881

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 5.7, EPSS: 0.001

2023-04-05 05:15 PM
17

CVE-2023-1081

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 4.8, AI Score: 4.9, EPSS: 0.001

2023-02-28 02:15 AM
33

CVE-2021-32856

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted.....

CVSS: 6.1, AI Score: 5.8, EPSS: 0.001

2023-02-21 03:15 PM
19

CVE-2021-32857

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2023-02-21 03:15 PM
13

CVE-2023-0608

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 5.4, EPSS: 0.001

2023-02-01 06:15 AM
39

CVE-2022-4732

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to...

CVSS: 7.2, AI Score: 6.9, EPSS: 0.001

2022-12-27 03:15 PM
39

CVE-2022-4617

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-12-21 01:15 AM
52

CVE-2022-4647

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-12-22 02:15 AM
54

CVE-2022-0698

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file'...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-11-25 06:15 PM
45
8

CVE-2022-33012

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.002

2022-11-22 02:15 PM
43
8

CVE-2022-1631

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.104

2022-05-09 02:15 PM
67
7

CVE-2018-1000826

Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-10-03 04:22 PM
19

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id...

AI Score: 8.4, EPSS: 0.001

2022-10-03 04:20 PM
27

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2022-09-20 02:15 PM
36
2

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 6.4, EPSS: 0.021

2022-09-20 11:15 AM
40
5

CVE-2022-2777

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2022-08-11 11:15 AM
45
6

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-07-22 03:15 PM
52
4

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 4.8, AI Score: 4.8, EPSS: 0.001

2022-07-22 04:15 AM
50
6

CVE-2021-36461

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code,...

CVSS: 8.8, AI Score: 8.5, EPSS: 0.001

2022-07-15 12:15 PM
24
6

CVE-2022-2300

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2022-07-04 11:15 AM
52
10

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2022-07-01 09:15 AM
48
3

CVE-2022-2252

Open Redirect in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2022-06-29 04:15 PM
56
5

CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-06-22 12:15 PM
50
5

CVE-2022-2130

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-06-20 09:15 AM
59
9

CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-05-04 06:15 PM
67
4

CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-05-04 09:15 AM
53
4

CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-04-27 11:15 AM
61

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-04-22 05:15 PM
44
Total number of security vulnerabilities: 100