Vulnerabilities (CVE)

Filtered by vendor Microweber
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6832 1 Microweber 1 Microweber 2024-02-05 N/A 4.3 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6566 1 Microweber 1 Microweber 2024-02-05 N/A 6.5 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6599 1 Microweber 1 Microweber 2024-02-05 N/A 4.3 MEDIUM
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-49052 1 Microweber 1 Microweber 2024-02-05 N/A 8.8 HIGH
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVE-2023-48122 1 Microweber 1 Microweber 2024-02-05 N/A 7.5 HIGH
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
CVE-2023-2014 1 Microweber 1 Microweber 2024-02-04 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-2239 1 Microweber 1 Microweber 2024-02-04 N/A 6.5 MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-3142 1 Microweber 1 Microweber 2024-02-04 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-2240 1 Microweber 1 Microweber 2024-02-04 N/A 8.8 HIGH
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2022-4617 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4647 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2021-32856 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
CVE-2023-1081 1 Microweber 1 Microweber 2024-02-04 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2022-0698 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVE-2022-33012 1 Microweber 1 Microweber 2024-02-04 N/A 8.8 HIGH
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVE-2021-36461 1 Microweber 1 Microweber 2024-02-04 6.5 MEDIUM 8.8 HIGH
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to get a shell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
CVE-2022-2368 1 Microweber 1 Microweber 2024-02-04 7.5 HIGH 9.8 CRITICAL
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVE-2022-2353 1 Microweber 1 Microweber 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVE-2022-2777 1 Microweber 1 Microweber 2024-02-04 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
CVE-2022-2495 1 Microweber 1 Microweber 2024-02-04 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.