Microweber Microweber vulnerabilities
78 known vulnerabilities affecting microweber/microweber_microweber.
Total CVEs: 78
CISA KEV: 0
Public exploits: 17
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 62
Vulnerabilities
Page 4 of 4
CVE-2022-0560 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ unspecified, < 1.2.11 | 2022-02-11
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-1584 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.2.16 | 2022-05-04
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
nvd
CVE-2022-0912 | P4 | MEDIUM | CVSS 4.8 | CWE-434 | ≥ unspecified, < 1.2.11 | 2022-03-11
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0930 | P4 | MEDIUM | CVSS 4.8 | CWE-434 | ≥ unspecified, < 1.2.12 | 2022-03-12
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0926 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.2.12 | 2022-03-12
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0906 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.1.12 | 2022-03-10
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
nvd
CVE-2023-5976 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | ≥ unspecified, < 2.0 | 2023-11-07
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-0596 | P4 | MEDIUM | CVSS 4.3 | CWE-1284 | ≥ unspecified, < 1.2.11 | 2022-02-15
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
nvd
CVE-2022-0763 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.3 | 2022-02-26
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2022-2495 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.2.21 | 2022-07-22
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
nvd
CVE-2023-2014 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.3.3 | 2023-04-13
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
nvd
CVE-2023-5861 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 2.0 | 2023-10-31
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2023-1081 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 1.3.3 | 2023-02-28
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
nvd
CVE-2022-0762 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | ≥ unspecified, < 1.3 | 2022-02-26
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
nvd
CVE-2023-6599 | P4 | MEDIUM | CVSS 4.3 | CWE-544 | ≥ unspecified, < 2.0 | 2023-12-08
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2023-6832 | P4 | MEDIUM | CVSS 4.3 | CWE-840 | ≥ unspecified, < 2.0 | 2023-12-15
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
nvd
CVE-2022-0961 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | ≥ unspecified, < 1.2.12 | 2022-03-15
The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
nvd
CVE-2022-0638 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≥ unspecified, < 1.2.11 | 2022-02-17
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
nvd