Vulnerabilities > Microweber
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-23139 | Improper Authentication vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by broken authentication and session management. | 5.5 |
| 2020-11-09 | CVE-2020-23138 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 9.8 |
| 2020-11-09 | CVE-2020-23136 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber v1.1.18 is affected by no session expiry after log-out. | 5.5 |
| 2020-07-16 | CVE-2020-13405 | Missing Authentication for Critical Function vulnerability in Microweber userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | 7.5 |
| 2020-05-20 | CVE-2020-13241 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 7.8 |
| 2019-03-21 | CVE-2018-19917 | Cross-site Scripting vulnerability in Microweber 1.0.8 Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 6.1 |
| 2018-12-20 | CVE-2018-1000826 | Cross-site Scripting vulnerability in Microweber Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | 6.1 |
| 2018-09-16 | CVE-2018-17104 | Cross-Site Request Forgery (CSRF) vulnerability in Microweber 1.0.7 An issue was discovered in Microweber 1.0.7. | 8.8 |