Microweber: Security Vulnerabilities
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
CVSS Score
4.7
EPSS Score
0.004
Published
2025-01-10
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2024-08-06
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php.
CVSS Score
6.1
EPSS Score
0.012
Published
2024-08-05
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
CVSS Score
6.1
EPSS Score
0.013
Published
2024-08-05
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
6.0
EPSS Score
0.001
Published
2023-12-15
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-12-08
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
3.1
EPSS Score
0.002
Published
2023-12-08
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-12-07
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
CVSS Score
8.8
EPSS Score
0.263
Published
2023-11-30
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-11-08