Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber before 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that ...
Microweber Microweber
7.2
CVSSv3
CVE-2020-28337
A directory traversal issue in the Utils/Unzip module in Microweber up to and including 1.1.20 allows an authenticated malicious user to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administra...
Microweber Microweber
5.4
CVSSv3
CVE-2022-0378
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
17 Github repositories
6.5
CVSSv3
CVE-2023-6566
Business Logic Errors in GitHub repository microweber/microweber before 2.0.
Microweber Microweber
4.3
CVSSv3
CVE-2023-6599
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber before 2.0.
Microweber Microweber
NA
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 prior to 20141209 allows remote malicious users to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
Microweber Microweber
1 EDB exploit
6.1
CVSSv3
CVE-2022-4647
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber before 1.3.2.
Microweber Microweber
5.4
CVSSv3
CVE-2022-0278
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
7.5
CVSSv3
CVE-2022-0282
Cross-site Scripting in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
7.5
CVSSv3
CVE-2020-13405
userfiles/modules/users/controller/controller.php in Microweber prior to 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
Microweber Microweber
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »