Microweber Microweber vulnerabilities
78 known vulnerabilities affecting microweber/microweber_microweber.
Total CVEs
78
CISA KEV
0
Public exploits
17
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH13MEDIUM62
Vulnerabilities
Page 3 of 4
CVE-2022-1504P4MEDIUMCVSS 6.1≥ unspecified, < 1.2.152022-04-27
CVE-2022-1504 [MEDIUM] CWE-79 CVE-2022-1504: XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
nvd
CVE-2022-4647P4MEDIUMCVSS 6.1≥ unspecified, < 1.3.22022-12-22
CVE-2022-4647 [MEDIUM] CWE-79 CVE-2022-4647: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
nvd
CVE-2022-0719P4MEDIUMCVSS 5.4≥ unspecified, < 1.32022-02-23
CVE-2022-0719 [MEDIUM] CWE-79 CVE-2022-0719: Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-0723P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.112022-02-26
CVE-2022-0723 [MEDIUM] CWE-79 CVE-2022-0723: Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0689P4MEDIUMCVSS 5.3≥ unspecified, < 1.2.112022-02-19
CVE-2022-0689 [MEDIUM] CWE-840 CVE-2022-0689: Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-2280P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.192022-07-01
CVE-2022-2280 [MEDIUM] CWE-79 CVE-2022-2280: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
nvd
CVE-2023-0608P4MEDIUMCVSS 5.4≥ unspecified, < 1.3.22023-02-01
CVE-2023-0608 [MEDIUM] CWE-79 CVE-2023-0608: Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
nvd
CVE-2023-1881P4MEDIUMCVSS 5.4≥ unspecified, < 1.3.32023-04-05
CVE-2023-1881 [MEDIUM] CWE-79 CVE-2023-1881: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
nvd
CVE-2022-2300P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.192022-07-04
CVE-2022-2300 [MEDIUM] CWE-79 CVE-2022-2300: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
nvd
CVE-2022-2777P4MEDIUMCVSS 5.4≥ unspecified, < 1.3.12022-08-11
CVE-2022-2777 [MEDIUM] CWE-79 CVE-2022-2777: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
nvd
CVE-2023-3142P4MEDIUMCVSS 5.4≥ unspecified, < 2.02023-06-07
CVE-2023-3142 [MEDIUM] CWE-79 CVE-2023-3142: Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-2252P4MEDIUMCVSS 6.1≥ unspecified, < 1.2.192022-06-29
CVE-2022-2252 [MEDIUM] CWE-601 CVE-2022-2252: Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
nvd
CVE-2022-3245P4MEDIUMCVSS 6.1≥ unspecified, < 1.3.22022-09-20
CVE-2022-3245 [MEDIUM] CWE-94 CVE-2022-3245: HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
nvd
CVE-2022-2353P4MEDIUMCVSS 6.1≥ unspecified, < 1.2.202022-07-09
CVE-2022-2353 [MEDIUM] CWE-352 CVE-2022-2353: Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can ste
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
nvd
CVE-2022-0558P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.112022-02-10
CVE-2022-0558 [MEDIUM] CWE-79 CVE-2022-0558: Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0379P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.112022-01-26
CVE-2022-0379 [MEDIUM] CWE-79 CVE-2022-0379: Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0278P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.112022-01-20
CVE-2022-0278 [MEDIUM] CWE-79 CVE-2022-0278: Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0506P4MEDIUMCVSS 5.4≥ unspecified, < 1.2.112022-02-08
CVE-2022-0506 [MEDIUM] CWE-79 CVE-2022-0506: Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0688P4MEDIUMCVSS 4.9≥ unspecified, < 1.2.112022-02-20
CVE-2022-0688 [MEDIUM] CWE-840 CVE-2022-0688: Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0690P4MEDIUMCVSS 6.1≥ unspecified, < 1.2.112022-02-19
CVE-2022-0690 [MEDIUM] CWE-79 CVE-2022-0690: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
nvd