Microweber Security Vulnerabilities

CVE-2023-6832

Business Logic Errors in GitHub repository microweber/microweber prior to...

CVE-2023-6599

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to...

CVE-2023-6566

Business Logic Errors in GitHub repository microweber/microweber prior to...

CVE-2023-48122

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET...

CVE-2023-49052

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms...

CVE-2023-47379

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload...

CVE-2023-5976

Improper Access Control in GitHub repository microweber/microweber prior to...

CVE-2023-5861

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to...

CVE-2023-5244

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to...

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to...

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to...

CVE-2022-2368

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to...

CVE-2022-2353

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a...

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to...

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to...

CVE-2023-3142

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2023-2240

Improper Privilege Management in GitHub repository microweber/microweber prior to...

CVE-2023-2239

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to...

CVE-2023-2014

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to...

CVE-2023-1877

Command Injection in GitHub repository microweber/microweber prior to...

CVE-2023-1881

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2023-1081

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2021-32856

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted.....

CVE-2021-32857

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this...

CVE-2023-0608

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to...

CVE-2022-4732

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to...

CVE-2022-4617

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVE-2022-4647

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2022-0698

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file'...

CVE-2022-33012

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection...

CVE-2022-1631

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...

CVE-2018-1000826

Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript...

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id...

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user...

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to...

CVE-2022-2777

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2021-36461

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code,...

CVE-2022-2300

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...

CVE-2022-2252

Open Redirect in GitHub repository microweber/microweber prior to...

CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVE-2022-2130

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...

CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the...

CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal...

CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS...

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user...