) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:microweber:microweber:0.9.346:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-0689 |
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. Published: February 19, 2022; 11:15:08 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2022-0678 |
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Published: February 19, 2022; 6:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-0666 |
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. Published: February 18, 2022; 10:15:07 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-0660 |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. Published: February 18, 2022; 6:15:08 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-0638 |
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. Published: February 17, 2022; 12:15:09 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-0597 |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. Published: February 15, 2022; 9:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2022-0596 |
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11. Published: February 15, 2022; 9:15:08 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0560 |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. Published: February 11, 2022; 8:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2022-0557 |
OS Command Injection in Packagist microweber/microweber prior to 1.2.11. Published: February 11, 2022; 4:15:06 AM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
| CVE-2022-0558 |
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Published: February 10, 2022; 5:15:14 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0506 |
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Published: February 08, 2022; 4:15:08 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0505 |
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. Published: February 08, 2022; 4:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-0504 |
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. Published: February 08, 2022; 4:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0379 |
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Published: January 26, 2022; 11:15:07 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0378 |
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Published: January 26, 2022; 11:15:07 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-0282 |
Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. Published: January 20, 2022; 7:15:08 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-0281 |
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. Published: January 20, 2022; 6:15:08 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-0278 |
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Published: January 20, 2022; 5:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0277 |
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. Published: January 20, 2022; 5:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2020-28337 |
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file. Published: February 15, 2021; 3:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |