CVE-2023-0608 – Cross-site Scripting (XSS) - DOM in microweber/microweber
https://notcve.org/view.php?id=CVE-2023-0608
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. • https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936 https://huntr.dev/bounties/02a86e0d-dff7-4e27-89d5-2f7dcd4b580c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4732 – Unrestricted Upload of File with Dangerous Type in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-4732
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Carga sin restricciones de archivos con tipo peligroso en el repositorio de GitHub microweber/microweber anterior a 1.3.2. • https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0 https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-4647 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-4647
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2. Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub microweber/microweber anterior a 1.3.2. • https://github.com/microweber/microweber/commit/20df56615e61624f5fff149849753869e4b3b936 https://huntr.dev/bounties/ccdd243d-726c-4199-b742-25c571491242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4617 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-4617
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. Cross-Site Scripting (XSS) Reflejado en el repositorio de GitHub microweber/microweber anterior a 1.3.2. • https://github.com/microweber/microweber/commit/df8add930ecfa7f5b18c67c3f748c137fe890906 https://huntr.dev/bounties/1fb2ce08-7016-45fa-b402-ec08d700e4df • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0698
https://notcve.org/view.php?id=CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. La versión 1.3.1 de Microweber permite a un usuario no autenticado realizar una apropiación de cuenta a través de un XSS en el parámetro 'select-file'. • https://fluidattacks.com/advisories/garrix https://github.com/microweber/microweber • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •