Microweber

All CVEs

108 total · sorted by risk
  • CVE-2024-41381 · Aug 5, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.

  • CVE-2024-41380 · Aug 5, 2024
    risk 0.00 · cvss (not listed) · epss 0.00

    microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.

  • CVE-2021-32857 · Medium · Feb 21, 2023
    risk 0.00 · cvss 6.1 · epss 0.01

    Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

  • CVE-2022-0855 · Medium · Mar 4, 2022
    risk 0.00 · cvss 6.1 · epss 0.01

    Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.

  • CVE-2022-0557 · High · Feb 11, 2022
    risk 0.00 · cvss 7.2 · epss 0.51

    OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2018-17104 · High · Sep 16, 2018
    risk 0.00 · cvss 8.8 · epss 0.01

    An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.

  • CVE-2014-9464 · Jan 3, 2015
    risk 0.00 · cvss (not listed) · epss 0.02

    SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.

  • CVE-2013-5984 · May 12, 2014
    risk 0.00 · cvss (not listed) · epss 0.03

    Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
