CVE-2022-2252 – Open Redirect in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2252
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. • https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-2174 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2174
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. • https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961 https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2130 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2130
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. • https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24 https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1631 – Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the victim's email. This allows an attacker to gain pre-authentication to the victim's account. Further, due to the lack of proper validation of the email coming from Social Login and the failure to check whether an account already exists, the victim will not be able to tell that an account already exists. • https://www.exploit-db.com/exploits/50947 http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38 https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization
CVE-2022-1584 – Reflected XSS in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim. • https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')