66 matches found
CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0557
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0912
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0719
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0597
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0689
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0690
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-1036
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0763
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0961
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0558
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0560
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0721
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0638
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0724
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0906
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
CVE-2022-0762
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0968
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0378
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0929
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-2130
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
CVE-2022-0921
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0777
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-1504
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVE-2022-2252
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pr...
CVE-2022-2174
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVE-2022-4617
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-0281
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0504
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-1555
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVE-2022-2300
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-4647
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
CVE-2022-2470
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.