
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936 https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0 https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936 https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906 https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. • https://blog.jitendrapatro.me/cve-2022-33012-account-takeover-through-password-reset-poisoning https://github.com/microweber/microweber https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')