Page 2 of 99 results (0.001 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. Microweber CMS versión 2.0.1 es vulnerable a Cross Site Scripting (XSS) almacenado a través de la funcionalidad de subida de archivos de imagen de perfil. • https://github.com/microweber/microweber/blob/master/CHANGELOG.md https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00 https://www.getastra.com/blog/security-audit/stored-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

Improper Access Control in GitHub repository microweber/microweber prior to 2.0. Control de acceso inadecuado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa • CWE-284: Improper Access Control •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26 https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. Uso de credenciales codificadas en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0 https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d • CWE-798: Use of Hard-coded Credentials •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Cross-site Scripting (XSS): reflejado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968 https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •