Vendor CVEs: Microweber
108 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0597 | | Med | 0.33 | 6.1 | 0.03 | | Feb 15, 2022 | Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0560 | | Med | 0.33 | 6.1 | 0.01 | | Feb 11, 2022 | Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0968 | | Med | 0.29 | 5.5 | 0.04 | | Mar 15, 2022 | The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0961 | | Med | 0.29 | 5.5 | 0.01 | | Mar 15, 2022 | The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0762 | | Med | 0.29 | 5.5 | 0.01 | | Feb 26, 2022 | Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2023-3142 | | Med | 0.28 | 5.4 | 0.00 | | Jun 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-1881 | | Med | 0.28 | 5.4 | 0.00 | | Apr 5, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. |
| CVE-2023-0608 | | Med | 0.28 | 5.4 | 0.01 | | Feb 1, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. |
| CVE-2022-2777 | | Med | 0.28 | 5.4 | 0.00 | | Aug 11, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. |
| CVE-2022-2300 | | Med | 0.28 | 5.4 | 0.01 | | Jul 4, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
| CVE-2022-2280 | | Med | 0.28 | 5.4 | 0.01 | | Jul 1, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
| CVE-2022-0963 | | Med | 0.28 | 5.4 | 0.02 | | Mar 15, 2022 | Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0954 | | Med | 0.28 | 5.4 | 0.03 | | Mar 15, 2022 | Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0928 | | Med | 0.28 | 5.4 | 0.02 | | Mar 11, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0723 | | Med | 0.28 | 5.4 | 0.01 | | Feb 26, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0719 | | Med | 0.28 | 5.4 | 0.01 | | Feb 23, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2022-0689 | | Med | 0.28 | 5.3 | 0.01 | | Feb 19, 2022 | Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0558 | | Med | 0.28 | 5.4 | 0.01 | | Feb 10, 2022 | Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0506 | | Med | 0.28 | 5.4 | 0.01 | | Feb 8, 2022 | Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0379 | | Med | 0.28 | 5.4 | 0.01 | | Jan 26, 2022 | Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0378 | | Med | 0.28 | 5.4 | 0.04 | | Jan 26, 2022 | Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0278 | | Med | 0.28 | 5.4 | 0.01 | | Jan 20, 2022 | Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0688 | | Med | 0.25 | 4.9 | 0.01 | | Feb 20, 2022 | Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2023-5861 | | Med | 0.24 | 4.8 | 0.00 | | Oct 31, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-2014 | | Med | 0.24 | 4.8 | 0.00 | | Apr 13, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. |
| CVE-2023-1081 | | Med | 0.24 | 4.8 | 0.00 | | Feb 28, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. |
| CVE-2022-2495 | | Med | 0.24 | 4.8 | 0.01 | | Jul 22, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. |
| CVE-2022-0930 | | Med | 0.24 | 4.8 | 0.01 | | Mar 12, 2022 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0926 | | Med | 0.24 | 4.8 | 0.01 | | Mar 12, 2022 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. |
| CVE-2022-0912 | | Med | 0.24 | 4.8 | 0.01 | | Mar 11, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. |
| CVE-2022-0906 | | Med | 0.24 | 4.8 | 0.01 | | Mar 10, 2022 | Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. |
| CVE-2022-0763 | | Med | 0.24 | 4.8 | 0.01 | | Feb 26, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2023-6832 | | Med | 0.21 | 4.3 | 0.01 | | Dec 15, 2023 | Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-6599 | | Med | 0.21 | 4.3 | 0.00 | | Dec 8, 2023 | Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-5976 | | Med | 0.21 | 4.3 | 0.00 | | Nov 7, 2023 | Improper Access Control in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2022-0638 | | Med | 0.21 | 4.3 | 0.00 | | Feb 17, 2022 | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0596 | | Med | 0.21 | 4.3 | 0.01 | | Feb 15, 2022 | Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0282 | | Med | 0.21 | 4.3 | 0.02 | | Jan 20, 2022 | Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2025-70791 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the… |
| CVE-2025-70792 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's… |
| CVE-2024-58289 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other… |
| CVE-2025-60954 | | | 0.00 | — | 0.00 | | Oct 24, 2025 | Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including… |
| CVE-2025-51502 | | | 0.00 | — | 0.01 | | Aug 1, 2025 | Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. |
| CVE-2025-51501 | | | 0.00 | — | 0.01 | | Aug 1, 2025 | Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript. |
| CVE-2025-51504 | | | 0.00 | — | 0.00 | | Aug 1, 2025 | Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field. |
| CVE-2025-2214 | | | 0.00 | — | 0.00 | | Mar 11, 2025 | A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to… |
| CVE-2024-33297 | | | 0.00 | — | 0.01 | | Jan 10, 2025 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function |
| CVE-2024-33298 | | | 0.00 | — | 0.01 | | Jan 10, 2025 | Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup |
| CVE-2024-33299 | | | 0.00 | — | 0.01 | | Jan 10, 2025 | Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users |
| CVE-2024-40101 | | | 0.00 | — | 0.01 | | Aug 6, 2024 | A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. |
Page 2 of 3