Microweber

All CVEs

108 total · sorted by risk
  • CVE-2020-23138 · Cri · Nov 9, 2020
    risk 0.64 · cvss 9.8 · epss 0.01

    An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

  • CVE-2023-49052 · Hig · Nov 30, 2023
    risk 0.57 · cvss 8.8 · epss 0.02

    File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

  • CVE-2023-1877 · Cri · Apr 5, 2023
    risk 0.57 · cvss 9.8 · epss 0.02

    Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

  • CVE-2022-33012 · Hig · Nov 22, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

  • CVE-2021-36461 · Hig · Jul 15, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

  • CVE-2022-0895 · Cri · Mar 10, 2022
    risk 0.57 · cvss 9.8 · epss 0.02

    Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-1631 · Hig · May 9, 2022
    risk 0.54 · cvss 8.8 · epss 0.09

    Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows…

  • CVE-2020-23140 · Hig · Nov 9, 2020
    risk 0.53 · cvss 8.1 · epss 0.01

    Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

  • CVE-2023-2240 · Hig · Apr 22, 2023
    risk 0.50 · cvss 8.8 · epss 0.01

    Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

  • CVE-2022-0896 · Hig · Mar 9, 2022
    risk 0.50 · cvss 8.8 · epss 0.01

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2023-48122 · Hig · Dec 8, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

  • CVE-2026-12198 · Hig · Jun 15, 2026
    risk 0.47 · cvss 7.3 · epss 0.01

    A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_path_relative can lead to path traversal. It is possible to…

  • CVE-2022-0666 · Hig · Feb 18, 2022
    risk 0.45 · cvss 7.5 · epss 0.44

    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-4732 · Hig · Dec 27, 2022
    risk 0.43 · cvss 7.2 · epss 0.38

    Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-0281 · Hig · Jan 20, 2022
    risk 0.43 · cvss 7.5 · epss 0.12

    Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2023-5318 · Hig · Sep 30, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2022-1036 · Hig · Mar 22, 2022
    risk 0.42 · cvss 7.5 · epss 0.01

    Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0913 · Hig · Mar 11, 2022
    risk 0.42 · cvss 7.5 · epss 0.01

    Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0777 · Hig · Mar 1, 2022
    risk 0.42 · cvss 7.5 · epss 0.01

    Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0660 · Hig · Feb 18, 2022
    risk 0.42 · cvss 7.5 · epss 0.07

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0698 · Med · Nov 25, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.

  • CVE-2018-19917 · Med · Mar 21, 2019
    risk 0.40 · cvss 6.1 · epss 0.02

    Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.

  • CVE-2022-0921 · Med · Mar 11, 2022
    risk 0.37 · cvss 6.7 · epss 0.02

    Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2020-23139 · Med · Nov 9, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.

  • CVE-2023-6566 · Med · Dec 7, 2023
    risk 0.35 · cvss 6.5 · epss 0.00

    Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-2239 · Med · Apr 22, 2023
    risk 0.35 · cvss 6.5 · epss 0.01

    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

  • CVE-2022-2368 · Med · Jul 11, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

  • CVE-2022-0724 · Med · Feb 23, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0721 · Med · Feb 23, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0505 · Med · Feb 8, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0504 · Med · Feb 8, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0277 · Med · Jan 20, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2023-5244 · Med · Sep 28, 2023
    risk 0.33 · cvss 6.1 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2021-32856 · Med · Feb 21, 2023
    risk 0.33 · cvss 6.1 · epss 0.01

    Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A…

  • CVE-2022-4647 · Med · Dec 22, 2022
    risk 0.33 · cvss 6.1 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-4617 · Med · Dec 21, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-3245 · Med · Sep 20, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

  • CVE-2022-3242 · Med · Sep 20, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-2470 · Med · Jul 22, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

  • CVE-2022-2353 · Med · Jul 9, 2022
    risk 0.33 · cvss 6.1 · epss 0.00

    Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

  • CVE-2022-2252 · Med · Jun 29, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.

  • CVE-2022-2174 · Med · Jun 22, 2022
    risk 0.33 · cvss 6.1 · epss 0.03

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

  • CVE-2022-2130 · Med · Jun 20, 2022
    risk 0.33 · cvss 6.1 · epss 0.03

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.

  • CVE-2022-1584 · Med · May 4, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim

  • CVE-2022-1555 · Med · May 4, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...

  • CVE-2022-1504 · Med · Apr 27, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

  • CVE-2022-1439 · Med · Apr 22, 2022
    risk 0.33 · cvss 6.1 · epss 0.03

    Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without…

  • CVE-2022-0929 · Med · Mar 12, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.

  • CVE-2022-0690 · Med · Feb 19, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0678 · Med · Feb 19, 2022
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

Page 1 of 3