
Version unspecified

OTHER 78 CVEs

Known Vulnerabilities

CVE-2023-6832

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 6.0 Published Dec 15, 2023

CVE-2023-6599

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

LOW CVSS 3.1 Published Dec 08, 2023

CVE-2023-6566

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 5.9 Published Dec 07, 2023

CVE-2023-5976

Improper Access Control in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 4.6 Published Nov 07, 2023

CVE-2023-5861

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 6.4 Published Oct 31, 2023

CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 5.8 Published Sep 30, 2023

CVE-2023-5244

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

MEDIUM CVSS 5.0 Published Sep 28, 2023

CVE-2023-3142

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

LOW CVSS 3.8 Published Jun 07, 2023

CVE-2023-2239

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

HIGH CVSS 7.1 Published Apr 22, 2023

CVE-2023-2240

Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

HIGH CVSS 8.8 Published Apr 22, 2023

CVE-2023-2014

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.

MEDIUM CVSS 5.3 Published Apr 13, 2023

CVE-2023-1881

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

HIGH CVSS 7.4 Published Apr 05, 2023

CVE-2023-1877

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

MEDIUM CVSS 6.1 Published Apr 05, 2023

CVE-2023-1081

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

MEDIUM CVSS 5.7 Published Feb 28, 2023

CVE-2023-0608

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

MEDIUM CVSS 6.3 Published Feb 01, 2023

CVE-2022-4732

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

MEDIUM CVSS 4.7 Published Dec 24, 2022

CVE-2022-4647

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

MEDIUM CVSS 5.1 Published Dec 22, 2022

CVE-2022-4617

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

LOW CVSS 2.7 Published Dec 21, 2022

CVE-2022-3245

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

MEDIUM CVSS 4.3 Published Sep 20, 2022

CVE-2022-3242

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

MEDIUM CVSS 4.3 Published Sep 20, 2022

CVE-2022-2777

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

MEDIUM CVSS 6.6 Published Aug 11, 2022

CVE-2022-2470

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

MEDIUM CVSS 6.5 Published Jul 22, 2022

CVE-2022-2495

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.

MEDIUM CVSS 6.8 Published Jul 22, 2022

CVE-2022-2368

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

MEDIUM CVSS 6.5 Published Jul 11, 2022

CVE-2022-2353

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

MEDIUM CVSS 6.3 Published Jul 09, 2022

CVE-2022-2300

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

MEDIUM CVSS 6.3 Published Jul 04, 2022

CVE-2022-2280

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

MEDIUM CVSS 6.5 Published Jul 01, 2022

CVE-2022-2252

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.

MEDIUM CVSS 4.3 Published Jun 29, 2022

CVE-2022-2174

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

MEDIUM CVSS 6.5 Published Jun 22, 2022

CVE-2022-2130

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.

MEDIUM CVSS 6.5 Published Jun 20, 2022

CVE-2022-1631

User Account Pre-Takeover or User Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the victim’s email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of the email coming from Social Login and the failure to check whether an account already exists, the victim will not notice that an account already exists. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user, impacting confidentiality, and attempt to modify or corrupt the data, impacting integrity and availability. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack an employee’s account.

MEDIUM CVSS 6.8 Published May 09, 2022

CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim.

MEDIUM CVSS 6.3 Published May 04, 2022

CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Inject arbitrary JS code, deface website, steal cookie...

HIGH CVSS 8.8 Published May 04, 2022

CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

MEDIUM CVSS 6.3 Published Apr 27, 2022

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.

MEDIUM CVSS 6.3 Published Apr 22, 2022

CVE-2022-1036

Ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

MEDIUM CVSS 5.3 Published Mar 22, 2022

CVE-2022-0968

The microweber application allows large characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

HIGH CVSS 7.2 Published Mar 15, 2022

CVE-2022-0963

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

MEDIUM CVSS 5.7 Published Mar 15, 2022

CVE-2022-0961

The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

HIGH CVSS 7.1 Published Mar 15, 2022

CVE-2022-0954

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

MEDIUM CVSS 6.8 Published Mar 15, 2022

CVE-2022-0930

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

HIGH CVSS 8.0 Published Mar 12, 2022

CVE-2022-0929

XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.

MEDIUM CVSS 6.8 Published Mar 12, 2022

CVE-2022-0926

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

HIGH CVSS 7.1 Published Mar 12, 2022

CVE-2022-0921

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

HIGH CVSS 7.2 Published Mar 11, 2022

CVE-2022-0928

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.

MEDIUM CVSS 6.8 Published Mar 11, 2022

CVE-2022-0912

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

MEDIUM CVSS 4.8 Published Mar 11, 2022

CVE-2022-0913

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

CRITICAL CVSS 9.1 Published Mar 11, 2022

CVE-2022-0906

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

MEDIUM CVSS 4.3 Published Mar 10, 2022

CVE-2022-0895

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

HIGH CVSS 7.7 Published Mar 10, 2022

CVE-2022-0896

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

HIGH CVSS 7.1 Published Mar 09, 2022

CVE-2022-0777

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

HIGH CVSS 7.3 Published Mar 01, 2022

CVE-2022-0723

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.

HIGH CVSS 8.0 Published Feb 26, 2022

CVE-2022-0763

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

MEDIUM CVSS 4.3 Published Feb 26, 2022

CVE-2022-0762

Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

MEDIUM CVSS 5.5 Published Feb 26, 2022

CVE-2022-0724

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CRITICAL CVSS 9.1 Published Feb 23, 2022

CVE-2022-0721

Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.

HIGH CVSS 8.8 Published Feb 23, 2022

CVE-2022-0719

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

HIGH CVSS 7.6 Published Feb 23, 2022

CVE-2022-0688

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

CRITICAL CVSS 9.4 Published Feb 20, 2022

CVE-2022-0690

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 8.8 Published Feb 19, 2022

CVE-2022-0689

Use of the one-time coupon multiple times in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 5.3 Published Feb 19, 2022

CVE-2022-0678

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 6.5 Published Feb 19, 2022

CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 7.6 Published Feb 18, 2022

CVE-2022-0660

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

CRITICAL CVSS 9.4 Published Feb 18, 2022

CVE-2022-0638

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 4.3 Published Feb 17, 2022

CVE-2022-0597

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 4.3 Published Feb 15, 2022

CVE-2022-0596

Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 5.4 Published Feb 15, 2022

CVE-2022-0560

Open Redirect in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 4.3 Published Feb 11, 2022

CVE-2022-0557

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 8.1 Published Feb 11, 2022

CVE-2022-0558

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CRITICAL CVSS 9.8 Published Feb 10, 2022

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 6.5 Published Feb 08, 2022

CVE-2022-0505

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 5.7 Published Feb 08, 2022

CVE-2022-0506

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 7.7 Published Feb 08, 2022

CVE-2022-0378

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 7.1 Published Jan 26, 2022

CVE-2022-0379

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 8.1 Published Jan 26, 2022

CVE-2022-0282

Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 4.3 Published Jan 20, 2022

CVE-2022-0281

Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 7.5 Published Jan 20, 2022

CVE-2022-0278

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

HIGH CVSS 7.2 Published Jan 20, 2022

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.

MEDIUM CVSS 6.5 Published Jan 20, 2022