CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2368 – Authentication Bypass by Spoofing in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. Unos Errores de Lógica de Negocio en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.20 • https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302 https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2353 – Cross-Site Request Forgery (CSRF) in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. Microweber/microweber versiones anteriores a v1.2.20, debido a una neutralización inapropiada de la entrada, un atacante puede robar tokens para llevar a cabo un ataque de tipo cross-site request forgery, conseguir contenidos del mismo sitio y redirigir a un usuario • https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130 https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2300 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2300
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2280 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2280
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566 https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2252 – Open Redirect in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2252
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. Un Redireccionamiento Abierto en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •