Vulnerabilities > Microweber > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2022-0277 | Incorrect Permission Assignment for Critical Resource vulnerability in Microweber Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. | 6.5 |
| 2021-10-19 | CVE-2021-33988 | Cross-site Scripting vulnerability in Microweber 1.2.7 Cross Site Scripting (XSS). | 4.3 |
| 2021-02-15 | CVE-2020-28337 | Path Traversal vulnerability in Microweber A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. | 6.5 |
| 2020-11-09 | CVE-2020-23140 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by insufficient session expiration. | 5.8 |
| 2020-07-16 | CVE-2020-13405 | Information Exposure vulnerability in Microweber userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | 5.0 |
| 2019-03-21 | CVE-2018-19917 | Cross-site Scripting vulnerability in Microweber 1.0.8 Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 4.3 |
| 2018-12-20 | CVE-2018-1000826 | Cross-site Scripting vulnerability in Microweber Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | 4.3 |
| 2018-09-16 | CVE-2018-17104 | Cross-Site Request Forgery (CSRF) vulnerability in Microweber 1.0.7 An issue was discovered in Microweber 1.0.7. | 6.8 |
| 2014-05-12 | CVE-2013-5984 | Path Traversal vulnerability in Microweber 0.8 Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. | 6.4 |