Vulnerabilities > Microweber

DATE CVE VULNERABILITY TITLE RISK
2022-07-15 CVE-2021-36461 Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
network
low complexity
microweber CWE-434
6.5
2022-07-11 CVE-2022-2368 Business Logic Errors vulnerability in Microweber
Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.
network
low complexity
microweber CWE-840
7.5
2022-07-09 CVE-2022-2353 Cross-site Scripting vulnerability in Microweber
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
network
microweber CWE-79
4.3
2022-07-04 CVE-2022-2300 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
network
microweber CWE-79
3.5
2022-07-01 CVE-2022-2280 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
network
microweber CWE-79
3.5
2022-06-29 CVE-2022-2252 Open Redirect vulnerability in Microweber
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
5.8
2022-06-22 CVE-2022-2174 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
network
microweber CWE-79
4.3
2022-06-20 CVE-2022-2130 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
network
microweber CWE-79
4.3
2022-05-09 CVE-2022-1631 Incorrect Authorization vulnerability in Microweber
Users Account Pre-Takeover or Users Account Takeover.
6.8
2022-05-04 CVE-2022-1584 Cross-site Scripting vulnerability in Microweber
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16.
network
microweber CWE-79
4.3