Microweber

microweber

115 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (115)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49052 1Microweber 1Microweber Nov 21, 2024 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVE-2023-47379 1Microweber 1Microweber Nov 21, 2024 Nov 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
CVE-2023-5976 1Microweber 1Microweber Nov 21, 2024 Nov 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5861 1Microweber 1Microweber Nov 21, 2024 Oct 31, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5318 1Microweber 1Microweber Nov 21, 2024 Sep 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5244 1Microweber 1Microweber Nov 21, 2024 Sep 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-3142 1Microweber 1Microweber Nov 21, 2024 Jun 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-2239 1Microweber 1Microweber Nov 21, 2024 Apr 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-2240 1Microweber 1Microweber Nov 21, 2024 Apr 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
CVE-2023-2014 1Microweber 1Microweber Nov 21, 2024 Apr 13, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1881 1Microweber 1Microweber Nov 21, 2024 Apr 5, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1877 1Microweber 1Microweber Nov 21, 2024 Apr 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-1081 1Microweber 1Microweber Nov 21, 2024 Feb 28, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2021-32856 1Microweber 1Microweber Nov 21, 2024 Feb 21, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fool...Show more Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.Show less
CVE-2023-0608 1Microweber 1Microweber Nov 21, 2024 Feb 1, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4732 1Microweber 1Microweber Nov 21, 2024 Dec 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4647 1Microweber 1Microweber Nov 21, 2024 Dec 22, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-4617 1Microweber 1Microweber Nov 21, 2024 Dec 21, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-0698 1Microweber 1Microweber Apr 25, 2025 Nov 25, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVE-2022-33012 1Microweber 1Microweber Apr 29, 2025 Nov 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

Previous 123 4 5 6 Next