Vulnerabilities > Microweber

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-07-15 | CVE-2021-36461 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3 | An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | network / low complexity / microweber / CWE-434 / 8.8 |
| 2022-07-11 | CVE-2022-2368 | Authentication Bypass by Spoofing vulnerability in Microweber | Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | network / low complexity / microweber / CWE-290 / critical / 9.8 |
| 2022-07-09 | CVE-2022-2353 | Cross-Site Request Forgery (CSRF) vulnerability in Microweber | Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | network / low complexity / microweber / CWE-352 / 6.1 |
| 2022-07-04 | CVE-2022-2300 | Cross-site Scripting vulnerability in Microweber | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | network / low complexity / microweber / CWE-79 / 5.4 |
| 2022-07-01 | CVE-2022-2280 | Cross-site Scripting vulnerability in Microweber | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | network / low complexity / microweber / CWE-79 / 5.4 |
| 2022-06-29 | CVE-2022-2252 | Open Redirect vulnerability in Microweber | Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | network / low complexity / microweber / CWE-601 / 6.1 |
| 2022-06-22 | CVE-2022-2174 | Cross-site Scripting vulnerability in Microweber | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | network / low complexity / microweber / CWE-79 / 6.1 |
| 2022-06-20 | CVE-2022-2130 | Cross-site Scripting vulnerability in Microweber | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | network / low complexity / microweber / CWE-79 / 6.1 |
| 2022-05-09 | CVE-2022-1631 | Incorrect Authorization vulnerability in Microweber | Users Account Pre-Takeover or Users Account Takeover. | network / low complexity / microweber / CWE-863 / 8.8 |
| 2022-05-04 | CVE-2022-1584 | Cross-site Scripting vulnerability in Microweber | Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. | network / low complexity / microweber / CWE-79 / 6.1 |