Microweber: >> Microweber >> 1.2.7 Security Vulnerabilities
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function
CVSS Score
4.7
EPSS Score
0.002
Published
2025-01-10
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
CVSS Score
6.1
EPSS Score
0.001
Published
2025-01-10
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
CVSS Score
4.7
EPSS Score
0.002
Published
2025-01-10
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-06
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
6.0
EPSS Score
0.001
Published
2023-12-15
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-12-08
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-07
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-11-07
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-10-31
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
5.8
EPSS Score
0.003
Published
2023-09-30
Page 1