CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1881 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-1881
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183 https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1081 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-1081
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. • https://github.com/microweber/microweber/commit/29d418461d8407688f2720e7b4be915e03fc16c1 https://huntr.dev/bounties/cf59deed-9d43-4552-acfd-43f38f3aabba • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32856 – Microweber vulnerable to Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-32856
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete. • https://github.com/microweber/microweber/commit/f3b86d59ab674dbf514f9f9948ddfa091739ab75 https://securitylab.github.com/advisories/GHSL-2021-1005-Microweber • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0608 – Cross-site Scripting (XSS) - DOM in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-0608
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936 https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4732 – Unrestricted Upload of File with Dangerous Type in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-4732
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Carga sin restricciones de archivos con tipo peligroso en el repositorio de GitHub microweber/microweber anterior a 1.3.2. • https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0 https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa • CWE-434: Unrestricted Upload of File with Dangerous Type •