Vulnerabilities

CVE-2024-41380

MEDIUM

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.

Published Aug 05, 2024

CVE-2024-41381

MEDIUM

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.

Published Aug 05, 2024

CVE-2023-6832

MEDIUM

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

Published Dec 15, 2023

CVE-2023-6599

LOW

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

Published Dec 08, 2023

CVE-2023-6566

MEDIUM

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

Published Dec 07, 2023

CVE-2023-5976

MEDIUM

Improper Access Control in GitHub repository microweber/microweber prior to 2.0.

Published Nov 07, 2023

CVE-2023-5861

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

Published Oct 31, 2023

CVE-2023-5318

MEDIUM

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

Published Sep 30, 2023

CVE-2023-5244

MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

Published Sep 28, 2023

CVE-2023-3142

LOW

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

Published Jun 07, 2023

CVE-2023-2240

HIGH

Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

Published Apr 22, 2023

CVE-2023-2239

HIGH

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

Published Apr 22, 2023

CVE-2023-2014

MEDIUM

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.

Published Apr 13, 2023

CVE-2023-1881

HIGH

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

Published Apr 05, 2023

CVE-2023-1877

MEDIUM

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

Published Apr 05, 2023

CVE-2023-1081

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

Published Feb 28, 2023

CVE-2021-32857

MEDIUM

Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.

Published Feb 20, 2023

CVE-2021-32856

MEDIUM

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.

Published Feb 20, 2023

CVE-2023-0608

MEDIUM

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

Published Feb 01, 2023

CVE-2022-4732

MEDIUM

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

Published Dec 24, 2022

CVE-2022-4647

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

Published Dec 22, 2022

CVE-2022-4617

LOW

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

Published Dec 21, 2022

CVE-2022-3245

MEDIUM

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

Published Sep 20, 2022

CVE-2022-3242

MEDIUM

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

Published Sep 20, 2022

CVE-2022-2777

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

Published Aug 11, 2022

CVE-2022-2470

MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

Published Jul 22, 2022

CVE-2022-2495

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.

Published Jul 22, 2022

CVE-2022-2368

MEDIUM

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

Published Jul 11, 2022

CVE-2022-2353

MEDIUM

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

Published Jul 09, 2022

CVE-2022-2300

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

Published Jul 04, 2022

CVE-2022-2280

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

Published Jul 01, 2022

CVE-2022-2252

MEDIUM

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.

Published Jun 29, 2022

CVE-2022-2174

MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

Published Jun 22, 2022

CVE-2022-2130

MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.

Published Jun 20, 2022

CVE-2022-1631

MEDIUM

User account pre-takeover or user account takeover in GitHub repository microweber/microweber prior to 1.2.15, leading to victim account takeover. Since there is no email confirmation, an attacker can easily create an account in the application using the victim's email. This allows an attacker to gain pre-authentication to the victim's account. Further, because email addresses coming from Social Login are not properly validated and there is no check for whether an account already exists, the victim will not notice that an account already exists. Hence, the attacker's persistence will remain. An attacker would be able to see all the activities performed by the victim user, impacting confidentiality, and attempt to modify or corrupt the data, impacting integrity and availability. This attack becomes more interesting when an attacker can register an account from an employee's email address. Assuming the organization uses G-Suite, it is much more impactful to hijack an employee's account.

Published May 09, 2022

CVE-2022-1584

MEDIUM

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim.

Published May 04, 2022

CVE-2022-1555

HIGH

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Inject arbitrary JS code, deface website, steal cookie...

Published May 04, 2022

CVE-2022-1504

MEDIUM

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

Published Apr 27, 2022

CVE-2022-1439

MEDIUM

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.

Published Apr 22, 2022

CVE-2022-1036

MEDIUM

The ability to create an account with a long password leads to memory corruption / integer overflow in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 22, 2022

CVE-2022-0968

HIGH

The microweber application allows large characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 15, 2022

CVE-2022-0963

MEDIUM

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 15, 2022

CVE-2022-0961

HIGH

The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 15, 2022

CVE-2022-0954

MEDIUM

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

Published Mar 15, 2022

CVE-2022-0930

HIGH

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 12, 2022

CVE-2022-0929

MEDIUM

XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.

Published Mar 12, 2022

CVE-2022-0926

HIGH

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 12, 2022

CVE-2022-0921

HIGH

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 11, 2022

CVE-2022-0928

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.

Published Mar 11, 2022

CVE-2022-0912

MEDIUM

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

Published Mar 11, 2022