cvebase

Microweber Microweber vulnerabilities

78 known vulnerabilities affecting microweber/microweber_microweber.

Total CVEs: 78
CISA KEV: 0
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 62

Vulnerabilities

Page 1 of 4
CVE-2022-1439 | P2 | MEDIUM | CVSS 6.1 | Exploited | PoC | ≥ unspecified, < 1.2.15 | 2022-04-22
CVE-2022-1439 [MEDIUM] CWE-79: Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
nvd
CVE-2022-0557 | P2 | HIGH | CVSS 7.2 | PoC | ≥ unspecified, < 1.2.11 | 2022-02-11
CVE-2022-0557 [HIGH] CWE-78: OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0666 | P2 | HIGH | CVSS 7.5 | PoC | ≥ unspecified, < 1.2.11 | 2022-02-18
CVE-2022-0666 [HIGH] CWE-93: CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-1631 | P2 | HIGH | CVSS 8.8 | PoC | ≥ unspecified, < 1.2.15 | 2022-05-09
CVE-2022-1631 [HIGH] CWE-284: Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due t
nvd
CVE-2022-0281 | P2 | HIGH | CVSS 7.5 | PoC | ≥ unspecified, < 1.2.11 | 2022-01-20
CVE-2022-0281 [HIGH] CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0660 | P3 | HIGH | CVSS 7.5 | PoC | ≥ unspecified, < 1.2.11 | 2022-02-18
CVE-2022-0660 [HIGH] CWE-209: Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-4732 | P3 | HIGH | CVSS 7.2 | ≥ unspecified, < 1.3.2 | 2022-12-27
CVE-2022-4732 [HIGH] CWE-434: Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.
nvd
CVE-2022-3242 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.3.2 | 2022-09-20
CVE-2022-3242 [MEDIUM] CWE-94: Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
nvd
CVE-2022-2174 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.2.18 | 2022-06-22
CVE-2022-2174 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
nvd
CVE-2022-2130 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.2.17 | 2022-06-20
CVE-2022-2130 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
nvd
CVE-2022-0678 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.2.11 | 2022-02-19
CVE-2022-0678 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2023-5244 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 2.0 | 2023-09-28
CVE-2023-5244 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-0597 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.2.11 | 2022-02-15
CVE-2022-0597 [MEDIUM] CWE-601: Open Redirect in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0378 | P3 | MEDIUM | CVSS 5.4 | PoC | ≥ unspecified, < 1.2.11 | 2022-01-26
CVE-2022-0378 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0954 | P4 | MEDIUM | CVSS 5.4 | PoC | ≥ unspecified, < 1.2.11 | 2022-03-15
CVE-2022-0954 [MEDIUM] CWE-79: Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0928 | P4 | MEDIUM | CVSS 5.4 | PoC | ≥ unspecified, < 1.2.12 | 2022-03-11
CVE-2022-0928 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0963 | P3 | MEDIUM | CVSS 5.4 | PoC | ≥ unspecified, < 1.2.12 | 2022-03-15
CVE-2022-0963 [MEDIUM] CWE-79: Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2023-1877 | P3 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.3.3 | 2023-04-05
CVE-2023-1877 [CRITICAL] CWE-77: Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
nvd
CVE-2022-0895 | P3 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.3 | 2022-03-10
CVE-2022-0895 [CRITICAL] CWE-96: Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-0968 | P4 | MEDIUM | CVSS 5.5 | PoC | ≥ unspecified, < 1.2.12 | 2022-03-15
CVE-2022-0968 [MEDIUM] CWE-190: The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.
nvd