
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

• https://blog.jitendrapatro.me/cve-2022-33012-account-takeover-through-password-reset-poisoning
• https://github.com/microweber/microweber
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning
• https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

• https://github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
• https://huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 1% | CPEs: 1 | EXPL: 1

Code Injection in GitHub repository microweber/microweber prior to 1.3.2.

• https://github.com/microweber/microweber/commit/68f0721571653db865a5fa01c7986642c82e919c
• https://huntr.dev/bounties/3e6b218a-a5a6-40d9-9f7e-5ab0c6214faf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.6 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

• https://github.com/microweber/microweber/commit/60eef7494211d1c458228c321e986edeaa401a58
• https://huntr.dev/bounties/13dd2f4d-0c7f-483e-a771-e1ed2ff1c36f
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

• https://github.com/microweber/microweber/commit/d28655183800b833abb20ccd55e1628f16ff65e4
• https://huntr.dev/bounties/3f1f679c-c243-431c-8ed0-e61543b9921b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')