CVE-2020-23136
https://notcve.org/view.php?id=CVE-2020-23136
Microweber v1.1.18 does not expire the session after log-out. • http://microweber.com https://gist.github.com/virendratiwari03/0b0d161e1141fdd74122abbb02fefe17 • CWE-613: Insufficient Session Expiration
CVE-2020-13405
https://notcve.org/view.php?id=CVE-2020-13405
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. • https://github.com/mrnazu/CVE-2020-13405 https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 https://rhinosecuritylabs.com/research/microweber-database-disclosure • CWE-306: Missing Authentication for Critical Function
CVE-2020-13241
https://notcve.org/view.php?id=CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. • https://gist.github.com/virendratiwari03/0af29841fdf27207eb3abc8f28d326f3 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-19917 – Microweber 1.0.8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19917
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. • http://packetstormsecurity.com/files/151005/Microweber-1.0.8-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/12 http://seclists.org/fulldisclosure/2019/Jan/25 https://github.com/microweber/microweber/commits/master https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1000826
https://notcve.org/view.php?id=CVE-2018-1000826
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in the Admin login form template that can result in execution of JavaScript code. • https://0dd.zone/2018/10/28/microweber-XSS https://github.com/microweber/microweber/issues/489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')