Page 6 of 95 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.21 • https://github.com/microweber/microweber/commit/d35e691e72d358430abc8e99f5ba9eb374423b9f https://huntr.dev/bounties/00affb69-275d-4f4c-b419-437922bc7798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. Se presenta una vulnerabilidad de Carga de Archivos Arbitraria en Microweber versión 1.1.3, que permite a atacantes obtener shell por medio de la sección de Carga de Imágenes de la Configuración, al cargar imágenes con código malicioso, user.ini • https://github.com/microweber/microweber/issues/751 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. Unos Errores de Lógica de Negocio en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.20 • https://github.com/microweber/microweber/commit/53c000ccd5602536e28b15d9630eb8261b04a302 https://huntr.dev/bounties/a9595eda-a5e0-4717-8d64-b445ef83f452 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. Microweber/microweber versiones anteriores a v1.2.20, debido a una neutralización inapropiada de la entrada, un atacante puede robar tokens para llevar a cabo un ataque de tipo cross-site request forgery, conseguir contenidos del mismo sitio y redirigir a un usuario • https://github.com/microweber/microweber/commit/79c6914bab8c9da07ac950fda17648d08c68b130 https://huntr.dev/bounties/7782c095-9e8c-48b0-a7f5-3a8f52e8af52 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.19 • https://github.com/microweber/microweber/commit/70b46e231e7b2c113666745a0ab6de9a8b7ef08e https://huntr.dev/bounties/882d6cf9-64f5-4614-a873-a3030473c817 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •