Microweber: Security Vulnerabilities

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim.
CVSS Score: 6.3 | EPSS Score: 0.003 | Published: 2022-05-04

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Inject arbitrary JS code, deface website, steal cookie...
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2022-05-04

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVSS Score: 6.3 | EPSS Score: 0.003 | Published: 2022-04-27

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
CVSS Score: 6.3 | EPSS Score: 0.342 | Published: 2022-04-22

The ability to create an account with a long password leads to memory corruption / integer overflow in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2022-03-22

The microweber application allows large characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score: 7.2 | EPSS Score: 0.011 | Published: 2022-03-15

Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score: 5.7 | EPSS Score: 0.046 | Published: 2022-03-15

The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score: 7.1 | EPSS Score: 0.018 | Published: 2022-03-15

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shop's Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVSS Score: 6.8 | EPSS Score: 0.058 | Published: 2022-03-15

File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score: 8.0 | EPSS Score: 0.005 | Published: 2022-03-12