Vulnerabilities > Microweber
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-15 | CVE-2021-36461 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3 An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | 8.8 |
| 2022-07-11 | CVE-2022-2368 | Unspecified vulnerability in Microweber Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | 9.8 |
| 2022-07-09 | CVE-2022-2353 | Unspecified vulnerability in Microweber Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | 6.1 |
| 2022-07-04 | CVE-2022-2300 | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | 5.4 |
| 2022-07-01 | CVE-2022-2280 | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | 5.4 |
| 2022-06-29 | CVE-2022-2252 | Unspecified vulnerability in Microweber Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | 6.1 |
| 2022-06-22 | CVE-2022-2174 | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | 6.1 |
| 2022-06-20 | CVE-2022-2130 | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | 6.1 |
| 2022-05-09 | CVE-2022-1631 | Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. | 8.8 |
| 2022-05-04 | CVE-2022-1584 | Cross-site Scripting vulnerability in Microweber Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. | 6.1 |