Latest microweber microweber Vulnerabilities

CVE-2023-6832
Business Logic Errors in microweber/microweber
composer/microweber/microweber<2.0.0
Microweber Microweber<2.0
CVE-2023-6599
Missing Standardized Error Handling Mechanism in microweber/microweber
Microweber Microweber<2.0.0
composer/microweber/microweber<2.0.0
CVE-2023-48122
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
composer/microweber/microweber>=2.0.1<2.0.4
Microweber Microweber>=2.0.1<2.0.4
CVE-2023-6566
Business Logic Errors in microweber/microweber
composer/microweber/microweber<2.0.0
<2.0.0
Microweber Microweber<2.0.0
CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
Microweber Microweber=2.0.4
composer/microweber/microweber<=2.0.4
CVE-2023-47379
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
Microweber Microweber=2.0.1
composer/microweber/microweber<2.0.3
CVE-2023-5976
Improper Access Control in microweber/microweber
Microweber Microweber<2.0.0
composer/microweber/microweber<2.0.0
CVE-2023-5861
Cross-site Scripting (XSS) - Stored in microweber/microweber
composer/microweber/microweber<2.0.0
Microweber Microweber<2.0.0
CVE-2023-5318
Use of Hard-coded Credentials in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of version 2.0.
composer/microweber/microweber<=1.3.4
Microweber Microweber<2.0
CVE-2023-5244
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
Microweber Microweber<2.0
CVE-2023-3142
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
Microweber Microweber<2.0
composer/microweber/microweber<=1.3.4
CVE-2023-2239
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
Microweber Microweber<1.3.4
composer/microweber/microweber<1.3.4
<1.3.4
CVE-2023-2240
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
Microweber Microweber<1.3.4
CVE-2023-2014
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
Microweber Microweber<1.3.3
CVE-2023-1881
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Microweber Microweber<1.3.3
CVE-2023-1877
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
Microweber Microweber<1.3.3
CVE-2023-1081
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Microweber Microweber<=1.3.2
CVE-2021-32856
Microweber Microweber<=1.2.12
CVE-2023-0608
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
Microweber Microweber<1.3.2
CVE-2022-4732
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
Microweber Microweber<=1.3.1
CVE-2022-4617
Microweber Microweber<=1.3.1
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
Microweber Microweber=1.3.1
CVE-2022-33012
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
Microweber Microweber=1.2.15
CVE-2022-3245
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit in...
Microweber Microweber<1.3.2
CVE-2022-3242
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
Microweber Microweber<1.3.2
CVE-2022-2777
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
Microweber Microweber<1.3.1
CVE-2022-2495
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
Microweber Microweber<1.2.21
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber=1.1.3
CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
Microweber Microweber<1.2.20
CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
Microweber Microweber<1.2.20
CVE-2022-2300
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Microweber Microweber<1.2.19
CVE-2022-2280
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Microweber Microweber<1.2.19
CVE-2022-2252
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
Microweber Microweber<1.2.19
CVE-2022-2174
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
Microweber Microweber<1.2.18
CVE-2022-2130
Microweber Microweber<1.2.17
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easil...
Microweber Microweber<1.2.15
CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
Microweber Microweber<1.2.16
CVE-2022-1555
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
Microweber Microweber<1.2.16
CVE-2022-1504
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
Microweber Microweber<1.2.15
CVE-2022-0968
The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microwebe...
Microweber Microweber<1.2.12
CVE-2022-0963
Microweber Microweber<1.2.12
CVE-2022-0961
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub reposito...
Microweber Microweber<1.2.12
CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to ...
Microweber Microweber<1.2.11
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Microweber Microweber<1.2.12
CVE-2022-0929
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
Microweber Microweber<1.2.11
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Microweber Microweber<1.2.12
CVE-2022-0921
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
Microweber Microweber<1.2.12
CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
Microweber Microweber<=1.2.11
CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
Microweber Microweber<=1.2.11
CVE-2022-0912
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
Microweber Microweber<1.2.11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203