CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. • https://github.com/microweber/microweber/commit/9ebbb4dd35da74025ab6965f722829a7f8f86566 https://huntr.dev/bounties/22561bfd-a28f-474e-9bfd-7263c1b71133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. • https://github.com/microweber/microweber/commit/187e949daf7dea6f10b80da70988f0f86444eeff https://huntr.dev/bounties/4d394bcc-a000-4f96-8cd2-8c565e1347e8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. • https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961 https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. • https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24 https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 10% • CPEs: 1 • EXPL: 3

User Account Pre-Takeover or User Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim account takeover: since there is no email confirmation, an attacker can easily create an account in the application using the victim's email. This allows an attacker to gain pre-authentication to the victim's account. Further, due to the lack of proper validation of the email coming from Social Login and the failure to check whether an account already exists, the victim will not notice that an account already exists. • https://www.exploit-db.com/exploits/50947 http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38 https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization