Vulnerabilities > Microweber

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-15	CVE-2021-36461	Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3 An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. network low complexity microweber CWE-434	6.5
2022-07-11	CVE-2022-2368	Authentication Bypass by Spoofing vulnerability in Microweber Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. network low complexity microweber CWE-290 critical	9.8
2022-07-09	CVE-2022-2353	Cross-Site Request Forgery (CSRF) vulnerability in Microweber Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. network low complexity microweber CWE-352	6.1
2022-07-04	CVE-2022-2300	Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. network microweber CWE-79	3.5
2022-07-01	CVE-2022-2280	Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. network microweber CWE-79	3.5
2022-06-29	CVE-2022-2252	Open Redirect vulnerability in Microweber Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. network microweber CWE-601	5.8
2022-06-22	CVE-2022-2174	Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. network microweber CWE-79	4.3
2022-06-20	CVE-2022-2130	Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. network microweber CWE-79	4.3
2022-05-09	CVE-2022-1631	Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. network low complexity microweber CWE-863	8.8
2022-05-04	CVE-2022-1584	Cross-site Scripting vulnerability in Microweber Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. network microweber CWE-79	4.3

Vulnerabilities > Microweber {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Microweber"}]}

Vulnerabilities > Microweber