Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microweber Subscribe
Total 82 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2130 1 Microweber 1 Microweber 2022-06-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
CVE-2022-1584 1 Microweber 1 Microweber 2022-05-11 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
CVE-2022-1555 1 Microweber 1 Microweber 2022-05-11 4.3 MEDIUM 6.1 MEDIUM
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
CVE-2022-1504 1 Microweber 1 Microweber 2022-05-05 4.3 MEDIUM 6.1 MEDIUM
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVE-2022-1439 1 Microweber 1 Microweber 2022-04-28 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
CVE-2022-1036 1 Microweber 1 Microweber 2022-03-28 5.0 MEDIUM 7.5 HIGH
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0961 1 Microweber 1 Microweber 2022-03-22 4.3 MEDIUM 5.5 MEDIUM
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0963 1 Microweber 1 Microweber 2022-03-22 3.5 LOW 5.4 MEDIUM
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0968 1 Microweber 1 Microweber 2022-03-22 4.0 MEDIUM 5.5 MEDIUM
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0928 1 Microweber 1 Microweber 2022-03-22 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0954 1 Microweber 1 Microweber 2022-03-21 3.5 LOW 5.4 MEDIUM
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0906 1 Microweber 1 Microweber 2022-03-21 3.5 LOW 4.8 MEDIUM
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
CVE-2022-0895 1 Microweber 1 Microweber 2022-03-19 7.5 HIGH 9.8 CRITICAL
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0557 1 Microweber 1 Microweber 2022-03-18 9.0 HIGH 7.2 HIGH
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0926 1 Microweber 1 Microweber 2022-03-18 3.5 LOW 4.8 MEDIUM
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0913 1 Microweber 1 Microweber 2022-03-18 5.0 MEDIUM 7.5 HIGH
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0912 1 Microweber 1 Microweber 2022-03-18 3.5 LOW 4.8 MEDIUM
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0930 1 Microweber 1 Microweber 2022-03-18 3.5 LOW 4.8 MEDIUM
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0929 1 Microweber 1 Microweber 2022-03-18 4.3 MEDIUM 6.1 MEDIUM
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2022-0921 1 Microweber 1 Microweber 2022-03-18 6.5 MEDIUM 6.7 MEDIUM
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.