CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-3242 – HTML code Injection in template search keyword in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-3242
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. Una Inyección de código en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3.2 • https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2777 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2777
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub microweber/microweber versiones anteriores a 1.3.1 • https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58 https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2470 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2470
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.21 • https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4 https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2495 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2495
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.21 • https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36461
https://notcve.org/view.php?id=CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. Se presenta una vulnerabilidad de Carga de Archivos Arbitraria en Microweber versión 1.1.3, que permite a atacantes obtener shell por medio de la sección de Carga de Imágenes de la Configuración, al cargar imágenes con código malicioso, user.ini • https://github.com/microweber/microweber/issues/751 • CWE-434: Unrestricted Upload of File with Dangerous Type •