) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:microweber:microweber:1.0.7:fix1:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-6832 |
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Published: December 14, 2023; 8:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-6599 |
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. Published: December 07, 2023; 7:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-6566 |
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Published: December 06, 2023; 7:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-5976 |
Improper Access Control in GitHub repository microweber/microweber prior to 2.0. Published: November 06, 2023; 11:24:37 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-5861 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Published: October 30, 2023; 9:15:07 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2023-5318 |
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. Published: September 29, 2023; 9:15:39 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-5244 |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Published: September 27, 2023; 9:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-3142 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Published: June 07, 2023; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2239 |
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. Published: April 22, 2023; 1:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-2240 |
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. Published: April 21, 2023; 9:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-2014 |
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. Published: April 12, 2023; 10:15:07 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2023-1881 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. Published: April 05, 2023; 1:15:07 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-1877 |
Command Injection in GitHub repository microweber/microweber prior to 1.3.3. Published: April 05, 2023; 1:15:06 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-1081 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. Published: February 27, 2023; 9:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2021-32856 |
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete. Published: February 21, 2023; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-0608 |
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. Published: February 01, 2023; 1:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4732 |
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Published: December 27, 2022; 10:15:12 AM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2022-4647 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. Published: December 21, 2022; 9:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-4617 |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. Published: December 20, 2022; 8:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-3245 |
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. Published: September 20, 2022; 10:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |