Microweber

All CVEs

108 total · sorted by risk
  • CVE-2022-0597 · Med · Feb 15, 2022
    risk 0.33 · cvss 6.1 · epss 0.03

    Open Redirect in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0560 · Med · Feb 11, 2022
    risk 0.33 · cvss 6.1 · epss 0.01

    Open Redirect in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0968 · Med · Mar 15, 2022
    risk 0.29 · cvss 5.5 · epss 0.04

    The microweber application allows overly long input in the "first & last name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0961 · Med · Mar 15, 2022
    risk 0.29 · cvss 5.5 · epss 0.01

    The microweber application allows overly long input in the "post title" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0762 · Med · Feb 26, 2022
    risk 0.29 · cvss 5.5 · epss 0.01

    Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2023-3142 · Med · Jun 7, 2023
    risk 0.28 · cvss 5.4 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-1881 · Med · Apr 5, 2023
    risk 0.28 · cvss 5.4 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

  • CVE-2023-0608 · Med · Feb 1, 2023
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-2777 · Med · Aug 11, 2022
    risk 0.28 · cvss 5.4 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

  • CVE-2022-2300 · Med · Jul 4, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

  • CVE-2022-2280 · Med · Jul 1, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

  • CVE-2022-0963 · Med · Mar 15, 2022
    risk 0.28 · cvss 5.4 · epss 0.02

    Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0954 · Med · Mar 15, 2022
    risk 0.28 · cvss 5.4 · epss 0.03

    Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

  • CVE-2022-0928 · Med · Mar 11, 2022
    risk 0.28 · cvss 5.4 · epss 0.02

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0723 · Med · Feb 26, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.

  • CVE-2022-0719 · Med · Feb 23, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0689 · Med · Feb 19, 2022
    risk 0.28 · cvss 5.3 · epss 0.01

    Multiple use of a one-time coupon in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0558 · Med · Feb 10, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0506 · Med · Feb 8, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0379 · Med · Jan 26, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0378 · Med · Jan 26, 2022
    risk 0.28 · cvss 5.4 · epss 0.04

    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0278 · Med · Jan 20, 2022
    risk 0.28 · cvss 5.4 · epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0688 · Med · Feb 20, 2022
    risk 0.25 · cvss 4.9 · epss 0.01

    Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2023-5861 · Med · Oct 31, 2023
    risk 0.24 · cvss 4.8 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-2014 · Med · Apr 13, 2023
    risk 0.24 · cvss 4.8 · epss 0.00

    Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.

  • CVE-2023-1081 · Med · Feb 28, 2023
    risk 0.24 · cvss 4.8 · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

  • CVE-2022-2495 · Med · Jul 22, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.

  • CVE-2022-0930 · Med · Mar 12, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0926 · Med · Mar 12, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0912 · Med · Mar 11, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

  • CVE-2022-0906 · Med · Mar 10, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

  • CVE-2022-0763 · Med · Feb 26, 2022
    risk 0.24 · cvss 4.8 · epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2023-6832 · Med · Dec 15, 2023
    risk 0.21 · cvss 4.3 · epss 0.01

    Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-6599 · Med · Dec 8, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-5976 · Med · Nov 7, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    Improper Access Control in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2022-0638 · Med · Feb 17, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0596 · Med · Feb 15, 2022
    risk 0.21 · cvss 4.3 · epss 0.01

    Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0282 · Med · Jan 20, 2022
    risk 0.21 · cvss 4.3 · epss 0.02

    Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2025-70791 · Feb 5, 2026
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the…

  • CVE-2025-70792 · Feb 5, 2026
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's…

  • CVE-2024-58289 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.00

    Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other…

  • CVE-2025-60954 · Oct 24, 2025
    risk 0.00 · cvss · epss 0.00

    Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including…

  • CVE-2025-51502 · Aug 1, 2025
    risk 0.00 · cvss · epss 0.01

    Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.

  • CVE-2025-51501 · Aug 1, 2025
    risk 0.00 · cvss · epss 0.01

    Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript.

  • CVE-2025-51504 · Aug 1, 2025
    risk 0.00 · cvss · epss 0.00

    Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field.

  • CVE-2025-2214 · Mar 11, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to…

  • CVE-2024-33297 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function.

  • CVE-2024-33298 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup

  • CVE-2024-33299 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users

  • CVE-2024-40101 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.01

    A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.