Microweber Microweber vulnerabilities
78 known vulnerabilities affecting microweber/microweber_microweber.
Total CVEs: 78
CISA KEV: 0
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 62
Vulnerabilities
Page 2 of 4
CVE-2022-2368 | P3 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.2.20 | 2022-07-11
CWE-290
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
nvd
CVE-2022-0896 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 1.3 | 2022-03-09
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2023-2240 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 1.3.4 | 2023-04-22
CWE-269
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.
nvd
CVE-2023-5318 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 2.0 | 2023-09-30
CWE-798
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-0777 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.3 | 2022-03-01
CWE-640
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-1036 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.2.12 | 2022-03-22
CWE-190
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0282 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.2.11 | 2022-01-20
CWE-79
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0921 | P3 | MEDIUM | CVSS 6.7 | ≥ unspecified, < 1.2.12 | 2022-03-11
CWE-94
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0277 | P3 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.2.11 | 2022-01-20
CWE-732
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0913 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.3 | 2022-03-11
CWE-190
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-0721 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.3 | 2022-02-23
CWE-215
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-0724 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.3 | 2022-02-23
CWE-922
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2023-2239 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.3.4 | 2023-04-22
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.
nvd
CVE-2022-0504 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.2.11 | 2022-02-08
CWE-209
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2023-6566 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 2.0 | 2023-12-07
CWE-840
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-0505 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.2.11 | 2022-02-08
CWE-352
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-1555 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.2.16 | 2022-05-04
CWE-79
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
nvd
CVE-2022-2470 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.2.21 | 2022-07-22
CWE-79
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
nvd
CVE-2022-4617 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.3.2 | 2022-12-21
CWE-79
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
nvd
CVE-2022-0929 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.2.11 | 2022-03-12
CWE-79
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
nvd