Microweber is drag and drop website builder and CMS with E-commerce. The microweber prior 1.2.12 application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The post title input can be limited to 500 characters or max 1000 characters as a workaround.

Affected Packages

Packagist microweber/microweber

Affected versions: 0 (last affected: 1.2.11)

Related CVEs

CVE-2022-0961

Key Information

GHSA ID

GHSA-hrf4-hcpc-3345

Published

March 16, 2022 12:00 AM

Last Modified

March 25, 2022 5:09 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

microweber/microweber

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.