Vulnerabilities

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.