Vulnerabilities > Microweber > Microweber > 1.2.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-20 | CVE-2022-2130 | Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | 4.3 |
2022-05-09 | CVE-2022-1631 | Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. | 8.8 |
2022-05-04 | CVE-2022-1584 | Cross-site Scripting vulnerability in Microweber Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. | 4.3 |
2022-05-04 | CVE-2022-1555 | Cross-site Scripting vulnerability in Microweber DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. | 4.3 |
2022-04-27 | CVE-2022-1504 | Cross-site Scripting vulnerability in Microweber XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. | 4.3 |
2022-04-22 | CVE-2022-1439 | Cross-site Scripting vulnerability in Microweber Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. | 4.3 |
2022-03-22 | CVE-2022-1036 | Integer Overflow or Wraparound vulnerability in Microweber Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. | 5.0 |
2022-03-15 | CVE-2022-0963 | Cross-site Scripting vulnerability in Microweber Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 3.5 |
2022-03-15 | CVE-2022-0968 | Integer Overflow or Wraparound vulnerability in Microweber The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 4.0 |
2022-03-15 | CVE-2022-0961 | Integer Overflow or Wraparound vulnerability in Microweber The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 4.3 |