CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36461
https://notcve.org/view.php?id=CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. Se presenta una vulnerabilidad de Carga de Archivos Arbitraria en Microweber versión 1.1.3, que permite a atacantes obtener shell por medio de la sección de Carga de Imágenes de la Configuración, al cargar imágenes con código malicioso, user.ini • https://github.com/microweber/microweber/issues/751 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2368 – Authentication Bypass by Spoofing in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. Unos Errores de Lógica de Negocio en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.20 • https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302 https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2353 – Cross-Site Request Forgery (CSRF) in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. Microweber/microweber versiones anteriores a v1.2.20, debido a una neutralización inapropiada de la entrada, un atacante puede robar tokens para llevar a cabo un ataque de tipo cross-site request forgery, conseguir contenidos del mismo sitio y redirigir a un usuario • https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130 https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2300 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2300
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2280 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2280
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566 https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •