Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber before 1.2.11.
Microweber Microweber
NA
CVE-2022-4617
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber before 1.3.2.
Microweber Microweber
3.5
CVSSv2
CVE-2022-2280
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber before 1.2.19.
Microweber Microweber
3.5
CVSSv2
CVE-2022-2300
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber before 1.2.19.
Microweber Microweber
NA
CVE-2023-0608
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber before 1.3.2.
Microweber Microweber
7.2
CVSSv2
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Microweber Microweber 1.1.18
5.8
CVSSv2
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
Microweber Microweber 1.1.18
NA
CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote malicious user to execute arbitrary code via a crafted script to the file upload function in the created forms component.
Microweber Microweber 2.0.4
1 Github repository
6.5
CVSSv2
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows malicious users to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber 1.1.3
7.5
CVSSv2
CVE-2020-23138
An unrestricted file upload vulnerability exists in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Microweber Microweber 1.1.18
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »