Filtered by vendor Microweber
Total: 88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0638 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0723 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0688 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0963 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0928 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0906 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. | |||||
CVE-2022-2280 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | |||||
CVE-2022-0896 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-0666 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-2130 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | |||||
CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0689 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
One-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-1584 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim | |||||
CVE-2022-0912 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0954 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-1555 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie... | |||||
CVE-2022-1631 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the victim’s email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of the email coming from Social Login and the failure to check whether an account already exists, the victim will not notice that an account already exists. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user, impacting confidentiality, and attempt to modify or corrupt the data, impacting integrity and availability. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack an employee’s account. | |||||
CVE-2022-0926 | 1 Microweber | 1 Microweber | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2022-0597 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||