CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47379
https://notcve.org/view.php?id=CVE-2023-47379
Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. Microweber CMS versión 2.0.1 es vulnerable a Cross Site Scripting (XSS) almacenado a través de la funcionalidad de subida de archivos de imagen de perfil. • https://github.com/microweber/microweber/blob/master/CHANGELOG.md https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00 https://www.getastra.com/blog/security-audit/stored-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5976 – Improper Access Control in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-5976
Improper Access Control in GitHub repository microweber/microweber prior to 2.0. Control de acceso inadecuado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/bc537ebe235bf9924c6557a46114f5f9557cd16a https://huntr.com/bounties/2004e4a9-c5f6-406a-89b0-571f808882fa • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5861 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-5861
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/6ed7ebf1631dd8f0780caa4151a5538f3b227d26 https://huntr.com/bounties/7baecef8-6c59-42fc-bced-886c4929e220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5318 – Use of Hard-coded Credentials in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-5318
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. Uso de credenciales codificadas en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0 https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5244 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-5244
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Cross-site Scripting (XSS): reflejado en el repositorio de GitHub microweber/microweber anterior a 2.0. • https://github.com/microweber/microweber/commit/1cb846f8f54ff6f5c668f3ae64dd81740a7e8968 https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •