Vulnerabilities for 'Microweber'

2022-06-22
 
CVE-2022-2174

CWE-79
 

 
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

 
2022-06-20
 
CVE-2022-2130

CWE-79
 

 
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.

 
2022-05-04
 
CVE-2022-1584

CWE-79
 

 
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Impact: executing JavaScript as the victim.

 
 
CVE-2022-1555

CWE-79
 

 
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Impact: inject arbitrary JS code, deface the website, steal cookies...

 
2022-04-27
 
CVE-2022-1504

CWE-79
 

 
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.

 
2022-04-22
 
CVE-2022-1439

CWE-79
 

 
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction.

 
2022-03-22
 
CVE-2022-1036

CWE-190
 

 
The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

 
2022-03-15
 
CVE-2022-0963

CWE-79
 

 
Unrestricted XML files lead to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.

 
 
CVE-2022-0968

CWE-190
 

 
The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

 
 
CVE-2022-0961

CWE-190
 

 
The microweber application allows a large number of characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.

 


Copyright 2022, cxsecurity.com

 
