Vulnerabilities > Microweber
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-0379 | Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | 3.5 |
| 2022-01-20 | CVE-2022-0282 | Code Injection vulnerability in Microweber Code Injection in Packagist microweber/microweber prior to 1.2.11. | 5.0 |
| 2022-01-20 | CVE-2022-0281 | Information Exposure vulnerability in Microweber Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. | 5.0 |
| 2022-01-20 | CVE-2022-0277 | Improper Privilege Management vulnerability in Microweber Improper Access Control in Packagist microweber/microweber prior to 1.2.11. | 4.0 |
| 2022-01-20 | CVE-2022-0278 | Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | 3.5 |
| 2021-10-19 | CVE-2021-33988 | Cross-site Scripting vulnerability in Microweber 1.2.7 Cross Site Scripting (XSS). | 4.3 |
| 2021-02-15 | CVE-2020-28337 | Path Traversal vulnerability in Microweber A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. | 6.5 |
| 2020-11-09 | CVE-2020-23140 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by insufficient session expiration. | 5.8 |
| 2020-11-09 | CVE-2020-23139 | Improper Authentication vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by broken authentication and session management. | 2.1 |
| 2020-11-09 | CVE-2020-23138 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 7.5 |