
CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
• https://github.com/microweber/microweber/commit/1f6a4de416a85e626dc643bb5ceb916e4802223e
• https://huntr.dev/bounties/b8e5c324-3dfe-46b4-8095-1697c6b0a6d6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.
• https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
• https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
• https://github.com/microweber/microweber/commit/82be4f0b4729be870ccefdae99a04833f134aa6a
• https://huntr.dev/bounties/db615581-d5a9-4ca5-a3e9-7a39eceaa424
• CWE-190: Integer Overflow or Wraparound

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
• https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
• https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
• CWE-190: Integer Overflow or Wraparound

CVSS: 5.7 | EPSS: 0% | CPEs: 1 | EXPL: 1

Unrestricted XML files lead to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
• https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08
• https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')