
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue in Microweber v.2.0.1, fixed in v.2.0.4, allows a remote attacker to obtain sensitive information via the HTTP GET method.
• https://gist.github.com/grozdniyandy/1847ad48126d6bba39bdeb49114bc300
• https://github.com/microweber/microweber/issues/1042

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.
• https://github.com/microweber/microweber/blob/master/CHANGELOG.md
• https://github.com/microweber/microweber/commit/c6e7ea9d0abd7564a3bb23c14ad172e4ccf27a7e#diff-fac4e7e9eca69c10d074bf8c5eac7f64b018c6b4d91dcad54b340a8560049e00
• https://www.getastra.com/blog/security-audit/stored-xss-vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')