CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2014 – Cross-site Scripting (XSS) - Generic in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-2014
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/1a9b904722b35b00653c6ae72dca2969149159b3 https://huntr.dev/bounties/a77bf7ed-6b61-452e-b5ee-e20017e28d1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1877 – Command Injection in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-1877
Command Injection in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1881 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-1881
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183 https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1081 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-1081
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1 https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32856 – Microweber vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32856
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete. • https://github.com/microweber/microweber/commit/f3b86d59ab674dbf514f9f9948ddfa091739ab75 https://securitylab.github.com/advisories/GHSL-2021-1005-Microweber • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •