Microweber
by Microweber
Source repositories
CVEs (108)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2252 | Med | 0.33 | 6.1 | 0.01 | Jun 29, 2022 | Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | ||
| CVE-2022-2174 | Med | 0.33 | 6.1 | 0.03 | Jun 22, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | ||
| CVE-2022-2130 | Med | 0.33 | 6.1 | 0.03 | Jun 20, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | ||
| CVE-2022-1584 | Med | 0.33 | 6.1 | 0.01 | May 4, 2022 | Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim | ||
| CVE-2022-1555 | Med | 0.33 | 6.1 | 0.01 | May 4, 2022 | DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie... | ||
| CVE-2022-1504 | Med | 0.33 | 6.1 | 0.01 | Apr 27, 2022 | XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. | ||
| CVE-2022-1439 | Med | 0.33 | 6.1 | 0.03 | Apr 22, 2022 | Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without… | ||
| CVE-2022-0929 | Med | 0.33 | 6.1 | 0.01 | Mar 12, 2022 | XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0690 | Med | 0.33 | 6.1 | 0.01 | Feb 19, 2022 | Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0678 | Med | 0.33 | 6.1 | 0.02 | Feb 19, 2022 | Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0597 | Med | 0.33 | 6.1 | 0.03 | Feb 15, 2022 | Open Redirect in Packagist microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0560 | Med | 0.33 | 6.1 | 0.01 | Feb 11, 2022 | Open Redirect in Packagist microweber/microweber prior to 1.2.11. | ||
| CVE-2022-0968 | Med | 0.29 | 5.5 | 0.04 | Mar 15, 2022 | The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12. | ||
| CVE-2022-0961 | Med | 0.29 | 5.5 | 0.01 | Mar 15, 2022 | The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12. | ||
| CVE-2022-0762 | Med | 0.29 | 5.5 | 0.01 | Feb 26, 2022 | Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. | ||
| CVE-2023-3142 | Med | 0.28 | 5.4 | 0.00 | Jun 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | ||
| CVE-2023-1881 | Med | 0.28 | 5.4 | 0.00 | Apr 5, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | ||
| CVE-2023-0608 | Med | 0.28 | 5.4 | 0.01 | Feb 1, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | ||
| CVE-2022-2777 | Med | 0.28 | 5.4 | 0.00 | Aug 11, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | ||
| CVE-2022-2300 | Med | 0.28 | 5.4 | 0.01 | Jul 4, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
- risk 0.33cvss 6.1epss 0.01
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
- risk 0.33cvss 6.1epss 0.03
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
- risk 0.33cvss 6.1epss 0.03
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
- risk 0.33cvss 6.1epss 0.01
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
- risk 0.33cvss 6.1epss 0.01
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
- risk 0.33cvss 6.1epss 0.01
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
- risk 0.33cvss 6.1epss 0.03
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without…
- risk 0.33cvss 6.1epss 0.01
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
- risk 0.33cvss 6.1epss 0.01
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
- risk 0.33cvss 6.1epss 0.02
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
- risk 0.33cvss 6.1epss 0.03
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
- risk 0.33cvss 6.1epss 0.01
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
- risk 0.29cvss 5.5epss 0.04
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
- risk 0.29cvss 5.5epss 0.01
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.
- risk 0.29cvss 5.5epss 0.01
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
- risk 0.28cvss 5.4epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
- risk 0.28cvss 5.4epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
- risk 0.28cvss 5.4epss 0.01
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
- risk 0.28cvss 5.4epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
- risk 0.28cvss 5.4epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Page 3 of 6