Vulnerabilities (CVE)

Filtered by vendor Microweber
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9464 1 Microweber 1 Microweber 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVE-2013-5984 1 Microweber 1 Microweber 2024-11-21 6.4 MEDIUM N/A
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2024-40101 1 Microweber 1 Microweber 2024-08-29 N/A 6.1 MEDIUM
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVE-2023-6832 1 Microweber 1 Microweber 2024-02-05 N/A 4.3 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6566 1 Microweber 1 Microweber 2024-02-05 N/A 6.5 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-6599 1 Microweber 1 Microweber 2024-02-05 N/A 4.3 MEDIUM
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-49052 1 Microweber 1 Microweber 2024-02-05 N/A 8.8 HIGH
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVE-2023-48122 1 Microweber 1 Microweber 2024-02-05 N/A 7.5 HIGH
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
CVE-2023-2014 1 Microweber 1 Microweber 2024-02-04 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-2239 1 Microweber 1 Microweber 2024-02-04 N/A 6.5 MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-3142 1 Microweber 1 Microweber 2024-02-04 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-2240 1 Microweber 1 Microweber 2024-02-04 N/A 8.8 HIGH
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2022-4617 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4647 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2021-32856 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
CVE-2023-1081 1 Microweber 1 Microweber 2024-02-04 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2022-0698 1 Microweber 1 Microweber 2024-02-04 N/A 6.1 MEDIUM
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVE-2022-33012 1 Microweber 1 Microweber 2024-02-04 N/A 8.8 HIGH
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVE-2021-36461 1 Microweber 1 Microweber 2024-02-04 6.5 MEDIUM 8.8 HIGH
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to get a shell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
CVE-2022-2368 1 Microweber 1 Microweber 2024-02-04 7.5 HIGH 9.8 CRITICAL
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.