Microweber
by Microweber
Source repositories
CVEs (108)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0698 | | Med | 0.40 | 6.1 | 0.01 | | Nov 25, 2022 | Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. |
| CVE-2018-19917 | | Med | 0.40 | 6.1 | 0.02 | | Mar 21, 2019 | Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. |
| CVE-2022-0921 | | Med | 0.37 | 6.7 | 0.02 | | Mar 11, 2022 | Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2020-23139 | | Med | 0.36 | 5.5 | 0.00 | | Nov 9, 2020 | Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. |
| CVE-2023-6566 | | Med | 0.35 | 6.5 | 0.00 | | Dec 7, 2023 | Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-2239 | | Med | 0.35 | 6.5 | 0.01 | | Apr 22, 2023 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. |
| CVE-2022-2368 | | Med | 0.35 | 6.5 | 0.01 | | Jul 11, 2022 | Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. |
| CVE-2022-0724 | | Med | 0.35 | 6.5 | 0.01 | | Feb 23, 2022 | Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-0721 | | Med | 0.35 | 6.5 | 0.01 | | Feb 23, 2022 | Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-0505 | | Med | 0.35 | 6.5 | 0.01 | | Feb 8, 2022 | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0504 | | Med | 0.35 | 6.5 | 0.01 | | Feb 8, 2022 | Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0277 | | Med | 0.35 | 6.5 | 0.01 | | Jan 20, 2022 | Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2023-5244 | | Med | 0.33 | 6.1 | 0.01 | | Sep 28, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2021-32856 | | Med | 0.33 | 6.1 | 0.01 | | Feb 21, 2023 | Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A… |
| CVE-2022-4647 | | Med | 0.33 | 6.1 | 0.00 | | Dec 22, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2022-4617 | | Med | 0.33 | 6.1 | 0.01 | | Dec 21, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2022-3245 | | Med | 0.33 | 6.1 | 0.01 | | Sep 20, 2022 | HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. |
| CVE-2022-3242 | | Med | 0.33 | 6.1 | 0.01 | | Sep 20, 2022 | Code Injection in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2022-2470 | | Med | 0.33 | 6.1 | 0.01 | | Jul 22, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. |
| CVE-2022-2353 | | Med | 0.33 | 6.1 | 0.00 | | Jul 9, 2022 | Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. |
Page 2 of 6