CVE-2022-0690 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0690
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/f7f5d41ba1a08ceed37c00d5f70a3f48b272e9f2 https://huntr.dev/bounties/4999a0f4-6efb-4681-b4ba-b36babc366f9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0689 – Use multiple time the one-time coupon in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0689
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. Un uso múltiples veces del cupón de un solo uso en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/c3c25ae6c421bb4a65df9e0035edcc2f75594a04 https://huntr.dev/bounties/fa5dbbd3-97fe-41a9-8797-2e54d9a9c649 • CWE-840: Business Logic Errors •
CVE-2022-0678 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en Packagist microweber/microweber antes de 1.2.11 • https://github.com/microweber/microweber/commit/2b8fa5aac31e51e2aca83c7ef5d1281ba2e755f8 https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0666 – CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. Una inyección de CRLF conlleva a una Exposición de Trazas de Pila debido a una falta de filtrado en https://demo.microweber.org/ en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128 https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVE-2022-0660 – Generation of Error Message Containing Sensitive Information in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. Una Generación de un Mensaje de Error que Contiene Información Confidencial en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291 • CWE-209: Generation of Error Message Containing Sensitive Information •