Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 6.7 | AI Score 6.7 | EPSS 0.001
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 4.8 | AI Score 4.8 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 4.8 | AI Score 4.8 | EPSS 0.001
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
The microweber application allows a large number of characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 5.5 | AI Score 5.2 | EPSS 0.001
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 5.5 | AI Score 5.2 | EPSS 0.001
The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
CVSS 7.5 | AI Score 7.8 | EPSS 0.001
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pr...
CVSS 8.8 | AI Score 8.7 | EPSS 0.104
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
CVSS 6.1 | AI Score 6 | EPSS 0.001
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVSS 6.1 | AI Score 6 | EPSS 0.001
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVSS 9.8 | AI Score 9.5 | EPSS 0.002
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 6.1 | AI Score 6 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 4.8 | AI Score 4.8 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
CVSS 6.1 | AI Score 6.4 | EPSS 0.015
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVSS 8.8 | AI Score 8.7 | EPSS 0.003
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1 | AI Score 6 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 7.2 | AI Score 6.9 | EPSS 0.001
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
CVSS 9.8 | AI Score 7 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS 5.4 | AI Score 4.6 | EPSS 0.001
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
CVSS 7.5 | AI Score 7.2 | EPSS 0.001
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVSS 8.8 | AI Score 8.7 | EPSS 0.006
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVSS 6.1 | AI Score 5.4 | EPSS 0.002
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVSS 7.5 | AI Score 6.4 | EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS 4.8 | AI Score 5 | EPSS 0.0004
CVSS 4.3 | AI Score 4.6 | EPSS 0.0004
CVSS 6.5 | AI Score 6 | EPSS 0.0005
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVSS 4.3 | AI Score 4.3 | EPSS 0.0004
CVSS 4.3 | AI Score 4.8 | EPSS 0.0004