CVE-2022-1584 – Reflected XSS in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1584
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim.
• https://github.com/microweber/microweber/commit/527abd148e6b7aff8df92a9f1aa951e5bebac59c
• https://huntr.dev/bounties/69f4ca67-d615-4f25-b2d1-19df7bf1107d
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1555 – DOM XSS in microweber ver 1.2.15 in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1555
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Inject arbitrary js code, deface website, steal cookie...
• https://github.com/microweber/microweber/commit/724e2d186a33c0c27273107dc4f160a09384877f
• https://huntr.dev/bounties/d9f9b5bd-16f3-4eaa-9e36-d4958b557687
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1504 – XSS in /demo/module/?module=HERE in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1504
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
• https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e
• https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1439 – Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
• https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
• https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1036 – Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-1036
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
• https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a
• https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424
• CWE-190: Integer Overflow or Wraparound