CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0281 – Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0281
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. Una Exposición de Información Confidencial a un Actor no Autorizado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6 https://huntr.dev/bounties/315f5ac6-1b5e-4444-ad8f-802371da3505 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0278 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0278
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/b64ef574b82dbf89a908e1569d790c7012d1ccd7 https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0277 – Incorrect Permission Assignment for Critical Resource in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0277
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. Un Control de Acceso Inapropiado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/e680e134a4215c979bfd2eaf58336be34c8fc6e6 https://huntr.dev/bounties/0e776f3d-35b1-4a9e-8fe8-91e46c0d6316 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33988
https://notcve.org/view.php?id=CVE-2021-33988
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Microweber CMS versión 1.2.7 por medio del formulario de inicio de sesión, que podría permitir a un usuario malicioso ejecutar Javascript al insertar código en el formulario de petición • https://github.com/nck0099/osTicket/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •