Microweber: >> Microweber Security Vulnerabilities
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-03-21
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-12-20
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-16
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVSS Score
7.5
EPSS Score
0.01
Published
2015-01-03
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVSS Score
6.4
EPSS Score
0.022
Published
2014-05-12
Page 11