90 matches found

added 2022/03/11 11:15 a.m. | 166 views

CVE-2022-0928

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 6.8 | AI score 5.3 | EPSS 0.04709

added 2022/02/11 9:15 a.m. | 131 views

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

CVSS 9 | AI score 7.2 | EPSS 0.12555

added 2020/07/16 7:15 p.m. | 123 views

CVE-2020-13405

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.

CVSS 7.5 | AI score 7.3 | EPSS 0.30393

added 2022/03/10 11:15 a.m. | 122 views

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CVSS 9.8 | AI score 8.9 | EPSS 0.01143

added 2022/02/18 11:15 a.m. | 117 views

CVE-2022-0660

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

CVSS 9.4 | AI score 7.5 | EPSS 0.07502

added 2022/03/11 10:15 a.m. | 112 views

CVE-2022-0912

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

CVSS 4.8 | AI score 5 | EPSS 0.00185

added 2022/03/15 12:15 p.m. | 108 views

CVE-2022-0954

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

CVSS 6.8 | AI score 5.5 | EPSS 0.05808

added 2022/02/23 11:15 a.m. | 107 views

CVE-2022-0719

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

CVSS 7.6 | AI score 5.5 | EPSS 0.00364

added 2022/02/19 11:15 a.m. | 106 views

CVE-2022-0678

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVSS 6.5 | AI score 5.9 | EPSS 0.00903

added 2022/02/26 11:15 a.m. | 106 views

CVE-2022-0723

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.

CVSS 8 | AI score 5.5 | EPSS 0.00364

added 2021/02/15 8:15 p.m. | 104 views

CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously const...

CVSS 7.2 | AI score 7.3 | EPSS 0.1411

added 2022/02/15 2:15 p.m. | 104 views

CVE-2022-0597

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

CVSS 6.1 | AI score 5.2 | EPSS 0.00525

added 2022/02/19 5:15 p.m. | 104 views

CVE-2022-0690

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVSS 8.8 | AI score 6.1 | EPSS 0.00807

added 2022/03/09 12:15 p.m. | 104 views

CVE-2022-0896

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

CVSS 8.8 | AI score 7.7 | EPSS 0.00958

added 2022/03/11 10:15 a.m. | 104 views

CVE-2022-0913

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

CVSS 9.1 | AI score 7.6 | EPSS 0.00769

added 2022/02/20 3:15 p.m. | 103 views

CVE-2022-0688

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

CVSS 9.4 | AI score 5.3 | EPSS 0.00315

added 2022/02/19 4:15 p.m. | 103 views

CVE-2022-0689

Use of the one-time coupon multiple times in Packagist microweber/microweber prior to 1.2.11.

CVSS 5.3 | AI score 5.2 | EPSS 0.0027

added 2022/03/22 1:15 p.m. | 103 views

CVE-2022-1036

Ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 7.5 | AI score 6.5 | EPSS 0.00701

added 2022/03/15 3:15 p.m. | 101 views

CVE-2022-0961

The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 7.1 | AI score 5.5 | EPSS 0.0175

added 2022/02/10 10:15 a.m. | 100 views

CVE-2022-0558

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CVSS 9.8 | AI score 5.4 | EPSS 0.0032

added 2022/02/26 10:15 a.m. | 100 views

CVE-2022-0763

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

CVSS 4.8 | AI score 4.5 | EPSS 0.00223

added 2022/02/11 1:15 p.m. | 99 views

CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

CVSS 6.1 | AI score 5.2 | EPSS 0.00433

added 2022/02/23 11:15 a.m. | 99 views

CVE-2022-0721

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

CVSS 8.8 | AI score 6.8 | EPSS 0.00333

added 2023/09/30 1:15 a.m. | 99 views

CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

CVSS 7.5 | AI score 6.5 | EPSS 0.0033

added 2022/02/17 5:15 p.m. | 96 views

CVE-2022-0638

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

CVSS 4.3 | AI score 4.5 | EPSS 0.00098

added 2022/02/23 11:15 a.m. | 96 views

CVE-2022-0724

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CVSS 9.1 | AI score 6.7 | EPSS 0.00431

added 2022/03/15 4:15 p.m. | 95 views

CVE-2022-0963

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 5.7 | AI score 5.2 | EPSS 0.04641

added 2022/02/26 10:15 a.m. | 94 views

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

CVSS 5.5 | AI score 4.6 | EPSS 0.0021

added 2022/03/10 3:15 p.m. | 93 views

CVE-2022-0906

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

CVSS 4.8 | AI score 4.5 | EPSS 0.00223

added 2022/01/26 4:15 p.m. | 92 views

CVE-2022-0378

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVSS 7.1 | AI score 5.4 | EPSS 0.07626

added 2022/03/12 11:15 a.m. | 92 views

CVE-2022-0929

XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.

CVSS 6.8 | AI score 6 | EPSS 0.00463

added 2022/03/11 6:15 p.m. | 91 views

CVE-2022-0921

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 7.2 | AI score 6.9 | EPSS 0.06086

added 2022/03/12 10:15 a.m. | 91 views

CVE-2022-0926

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 7.1 | AI score 5.2 | EPSS 0.00331

added 2022/03/15 4:15 p.m. | 91 views

CVE-2022-0968

The microweber application allows large characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 7.2 | AI score 5.5 | EPSS 0.01053

added 2022/03/12 2:15 p.m. | 90 views

CVE-2022-0930

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

CVSS 8 | AI score 5.3 | EPSS 0.00471

added 2022/06/20 9:15 a.m. | 90 views

CVE-2022-2130

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.

CVSS 6.5 | AI score 6 | EPSS 0.10865

added 2022/03/01 9:15 a.m. | 89 views

CVE-2022-0777

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

CVSS 7.5 | AI score 7.3 | EPSS 0.00483

added 2022/05/04 6:15 p.m. | 89 views

CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim

CVSS 6.3 | AI score 6 | EPSS 0.00304

added 2023/04/05 5:15 p.m. | 89 views

CVE-2023-1877

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVSS 9.8 | AI score 8.1 | EPSS 0.00513

added 2022/02/15 2:15 p.m. | 88 views

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

CVSS 5.4 | AI score 4.6 | EPSS 0.00261

added 2022/04/27 11:15 a.m. | 83 views

CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

CVSS 6.3 | AI score 6 | EPSS 0.00327

added 2022/02/18 3:15 p.m. | 82 views

CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

CVSS 7.6 | AI score 7.5 | EPSS 0.21426

added 2022/06/29 4:15 p.m. | 82 views

CVE-2022-2252

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.

CVSS 6.1 | AI score 5.1 | EPSS 0.00204

added 2022/05/09 2:15 p.m. | 79 views

CVE-2022-1631

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pr...

CVSS 8.8 | AI score 7.7 | EPSS 0.0425

added 2022/12/21 1:15 a.m. | 78 views

CVE-2022-4617

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

CVSS 6.1 | AI score 4.8 | EPSS 0.00465

added 2022/02/08 9:15 a.m. | 77 views

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

CVSS 6.5 | AI score 6.3 | EPSS 0.00288

added 2022/05/04 9:15 a.m. | 77 views

CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...

CVSS 8.8 | AI score 6.4 | EPSS 0.00858

added 2022/06/22 12:15 p.m. | 77 views

CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

CVSS 6.5 | AI score 6 | EPSS 0.16993

added 2022/07/11 8:15 a.m. | 77 views

CVE-2022-2368

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

CVSS 9.8 | AI score 8 | EPSS 0.00129

added 2022/01/20 11:15 a.m. | 76 views

CVE-2022-0281

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

CVSS 7.5 | AI score 7.4 | EPSS 0.34183

Total number of security vulnerabilities: 90