CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2174 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2174
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejo en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.18 • https://github.com/microweber/microweber/commit/c51285f791e48e536111cd57a9544ccbf7f33961 https://huntr.dev/bounties/ac68e3fc-8cf1-4a62-90ee-95c4b2bad607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2130 – Cross-site Scripting (XSS) - Reflected in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-2130
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.17 • https://github.com/microweber/microweber/commit/dbd37dda91911360db23269897c737e0abae2c24 https://huntr.dev/bounties/0142970a-5cb8-4dba-8bbc-4fa2f3bee65c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 10%CPEs: 1EXPL: 3CVE-2022-1631 – Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. • https://www.exploit-db.com/exploits/50947 http://packetstormsecurity.com/files/167376/Microweber-CMS-1.2.15-Account-Takeover.html https://github.com/microweber/microweber/commit/c162dfffb9bfd264d232aaaf5bb3daee16a3cb38 https://huntr.dev/bounties/5494e258-5c7b-44b4-b443-85cff7ae0ba4 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1584 – Reflected XSS in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim Una vulnerabilidad ded tipo XSS reflejado en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.16. Ejecución de JavaScript como víctima • https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1555 – DOM XSS in microweber ver 1.2.15 in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1555
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie... Una vulnerabilidad de tipo DOM XSS en microweber versión 1.2.15 en el repositorio de GitHub microweber/microweber versiones anteriores a 1.2.16. inyectar código js arbitrario, desfigurar el sitio web, robar cookie... • https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •