Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicroweberMicroweber

66 matches found

CVE
CVEadded 2022/07/22 4:15 a.m.74 views

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.

6.8CVSS5AI score0.00315EPSS
CVE
CVEadded 2022/11/25 6:15 p.m.73 views

CVE-2022-0698

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.

6.1CVSS6AI score0.0088EPSS
CVE
CVEadded 2022/07/01 9:15 a.m.73 views

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

6.5CVSS5.4AI score0.00305EPSS
CVE
CVEadded 2022/09/20 11:15 a.m.70 views

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

6.1CVSS5.5AI score0.16186EPSS
CVE
CVEadded 2022/01/20 10:15 a.m.69 views

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.

6.5CVSS6.3AI score0.0029EPSS
CVE
CVEadded 2022/01/20 10:15 a.m.69 views

CVE-2022-0278

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

7.2CVSS5.3AI score0.0021EPSS
CVE
CVEadded 2022/01/20 12:15 p.m.68 views

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.

7.5CVSS5.5AI score0.00675EPSS
CVE
CVEadded 2022/02/08 9:15 a.m.66 views

CVE-2022-0505

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

6.5CVSS5.9AI score0.00153EPSS
CVE
CVEadded 2022/07/09 9:15 a.m.66 views

CVE-2022-2353

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

6.3CVSS6AI score0.00271EPSS
CVE
CVEadded 2022/02/08 9:15 a.m.64 views

CVE-2022-0506

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

7.7CVSS5.3AI score0.00241EPSS
CVE
CVEadded 2022/09/20 2:15 p.m.64 views

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

6.1CVSS5.2AI score0.0046EPSS
CVE
CVEadded 2022/08/11 11:15 a.m.63 views

CVE-2022-2777

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

6.6CVSS5.4AI score0.00134EPSS
CVE
CVEadded 2022/11/22 2:15 p.m.63 views

CVE-2022-33012

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

8.8CVSS8.7AI score0.00538EPSS
CVE
CVEadded 2022/01/26 4:15 p.m.62 views

CVE-2022-0379

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

8.1CVSS5.5AI score0.00342EPSS
CVE
CVEadded 2022/12/27 3:15 p.m.52 views

CVE-2022-4732

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

7.2CVSS5.7AI score0.00874EPSS
CVE
CVEadded 2022/07/15 12:15 p.m.44 views

CVE-2021-36461

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

8.8CVSS8.5AI score0.00336EPSS
Total number of security vulnerabilities66