VYPR

Microweber

by Microweber

CVEs (108)

  • CVE-2022-0698 | Med | Nov 25, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.

  • CVE-2018-19917 | Med | Mar 21, 2019
    risk 0.40 | cvss 6.1 | epss 0.02

    Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.

  • CVE-2022-0921 | Med | Mar 11, 2022
    risk 0.37 | cvss 6.7 | epss 0.02

    Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2020-23139 | Med | Nov 9, 2020
    risk 0.36 | cvss 5.5 | epss 0.00

    Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.

  • CVE-2023-6566 | Med | Dec 7, 2023
    risk 0.35 | cvss 6.5 | epss 0.00

    Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-2239 | Med | Apr 22, 2023
    risk 0.35 | cvss 6.5 | epss 0.01

    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

  • CVE-2022-2368 | Med | Jul 11, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

  • CVE-2022-0724 | Med | Feb 23, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0721 | Med | Feb 23, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0505 | Med | Feb 8, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0504 | Med | Feb 8, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0277 | Med | Jan 20, 2022
    risk 0.35 | cvss 6.5 | epss 0.01

    Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2023-5244 | Med | Sep 28, 2023
    risk 0.33 | cvss 6.1 | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2021-32856 | Med | Feb 21, 2023
    risk 0.33 | cvss 6.1 | epss 0.01

    Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A…

  • CVE-2022-4647 | Med | Dec 22, 2022
    risk 0.33 | cvss 6.1 | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-4617 | Med | Dec 21, 2022
    risk 0.33 | cvss 6.1 | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-3245 | Med | Sep 20, 2022
    risk 0.33 | cvss 6.1 | epss 0.01

    HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

  • CVE-2022-3242 | Med | Sep 20, 2022
    risk 0.33 | cvss 6.1 | epss 0.01

    Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-2470 | Med | Jul 22, 2022
    risk 0.33 | cvss 6.1 | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

  • CVE-2022-2353 | Med | Jul 9, 2022
    risk 0.33 | cvss 6.1 | epss 0.00

    Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
