Microweber
by Microweber
CVEs (108)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41381 | | | 0.00 | — | 0.00 | | Aug 5, 2024 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. |
| CVE-2024-41380 | | | 0.00 | — | 0.00 | | Aug 5, 2024 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. |
| CVE-2021-32857 | | Med | 0.00 | 6.1 | 0.01 | | Feb 21, 2023 | Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue. |
| CVE-2022-0855 | | Med | 0.00 | 6.1 | 0.01 | | Mar 4, 2022 | Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. |
| CVE-2022-0557 | | Hig | 0.00 | 7.2 | 0.51 | | Feb 11, 2022 | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2018-17104 | | Hig | 0.00 | 8.8 | 0.01 | | Sep 16, 2018 | An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. |
| CVE-2014-9464 | | | 0.00 | — | 0.02 | | Jan 3, 2015 | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. |
| CVE-2013-5984 | | | 0.00 | — | 0.03 | | May 12, 2014 | Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. |