Vulnerabilities > Microweber > Microweber > 1.1.3

DATE CVE VULNERABILITY TITLE RISK
2023-04-13 CVE-2023-2014 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
network
low complexity
microweber CWE-79
4.8
4.8
2023-02-28 CVE-2023-1081 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
network
low complexity
microweber CWE-79
4.8
4.8
2023-02-21 CVE-2021-32856 Cross-site Scripting vulnerability in Microweber
Microweber is a drag and drop website builder and content management system.
network
low complexity
microweber CWE-79
6.1
6.1
2023-02-01 CVE-2023-0608 Cross-site Scripting vulnerability in Microweber
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
network
low complexity
microweber CWE-79
5.4
5.4
2022-07-15 CVE-2021-36461 Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
network
low complexity
microweber CWE-434
6.5
6.5
2022-07-11 CVE-2022-2368 Authentication Bypass by Spoofing vulnerability in Microweber
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
network
low complexity
microweber CWE-290
critical
 9.8
9.8
2022-07-09 CVE-2022-2353 Cross-Site Request Forgery (CSRF) vulnerability in Microweber
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
network
low complexity
microweber CWE-352
6.1
6.1
2022-03-10 CVE-2022-0895 Unspecified vulnerability in Microweber
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
network
low complexity
microweber
critical
 9.8
9.8
2022-02-26 CVE-2022-0762 Incorrect Authorization vulnerability in Microweber
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
network
low complexity
microweber CWE-863
4.3
4.3
2022-02-15 CVE-2022-0596 Improper Validation of Specified Quantity in Input vulnerability in Microweber
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
network
low complexity
microweber CWE-1284
4.3
4.3