CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0895 – Static Code Injection in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3. Una Inyección de Código Estático en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3 • https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470 https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0896 – Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. Una Neutralización Inapropiada de Elementos Especiales Usados en un Motor de Plantillas en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3 • https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5 https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0855 – Improper Resolution of Path Equivalence in microweber-dev/whmcs_plugin
https://notcve.org/view.php?id=CVE-2022-0855
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. Una Resolución Inapropiada de la Equivalencia de Ruta en el repositorio de GitHub microweber-dev/whmcs_plugin versiones anteriores a 0.0.4 • https://github.com/microweber-dev/whmcs_plugin/commit/2e7a11d332db79cc52ccda00455a15f4dc6147ff https://huntr.dev/bounties/511879b0-cdaa-4c03-af92-deb54d46284a • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0777 – Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0777
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. Un Mecanismo de Recuperación de Contraseñas Débil para el Olvido de Contraseñas en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3. • https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0723 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.11. • https://github.com/microweber/microweber/commit/15e519a86e4b24526abaf9e6dc81cb1af86843a5 https://huntr.dev/bounties/16b0547b-1bb3-493c-8a00-5b6a11fca1c5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •