microweber/microweber Security Advisories for 1.1.8.x-dev (87)
[MEDIUM] Business Logic Errors in microweber/microweber
PKSA-y5qg-3krh-f9b5 CVE-2023-6832 GHSA-qjfx-fvx7-3wvw
Affected version: <2.0.0
Reported by: GitHub

[LOW] Microweber missing standardized error handling mechanism
PKSA-3c1q-3392-wkmp CVE-2023-6599 GHSA-9r6p-hg4g-5gxp
Affected version: <2.0.0
Reported by: GitHub

[MEDIUM] Microweber file upload vulnerability
PKSA-xs75-x9v8-bkhn CVE-2023-49052 GHSA-2c7x-w3mx-h7p6
Affected version: <=2.0.4
Reported by: GitHub

[MEDIUM] Microweber Improper Access Control vulnerability
PKSA-74rd-c6sw-mfrp CVE-2023-5976 GHSA-q57g-38pc-jwv8
Affected version: <2.0.0
Reported by: GitHub

[MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-n7r8-zpqq-jfjd CVE-2023-47379 GHSA-jmwm-w2rm-prv9
Affected version: <2.0.3
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in microweber/microweber
PKSA-md65-d7tx-bbhf CVE-2023-5861 GHSA-7q5f-29gx-57ff
Affected version: <2.0.0
Reported by: GitHub

[MEDIUM] Microweber uses hard coded credentials
PKSA-m9c6-mgh7-jfgc CVE-2023-5318 GHSA-r657-3wqh-g2x9
Affected version: <=1.3.4
Reported by: GitHub

[MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-z3vy-k1wh-bn3g CVE-2023-5244 GHSA-rgf9-j7gv-rq22
Affected version: <=1.3.4
Reported by: GitHub

[MEDIUM] Microweber Business Logic Errors
PKSA-xhwv-tsn6-jm7k CVE-2023-6566 GHSA-3rpx-pgmf-j96h
Affected version: <2.0.0
Reported by: GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-zb2q-hcnk-cg6k CVE-2023-3142 GHSA-fqcv-rfp6-wv92
Affected version: <=1.3.4
Reported by: GitHub

[MEDIUM] Information exposure in microweber
PKSA-279x-12x2-x9t1 CVE-2023-2239 GHSA-h83h-77x2-6w6g
Affected version: <1.3.4
Reported by: GitHub

[HIGH] Improper Privilege Management in microweber
PKSA-885q-z461-7kxw CVE-2023-2240 GHSA-r6xq-xcxc-fghx
Affected version: <1.3.4
Reported by: GitHub

[MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
PKSA-p47h-qx4x-x2bz CVE-2023-2014 GHSA-f4g6-c47x-qhww
Affected version: <1.3.3
Reported by: GitHub

[HIGH] Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
PKSA-9pmn-8hgp-hp7r CVE-2023-1881 GHSA-hhjm-mpmf-cxg9
Affected version: <1.3.3
Reported by: GitHub

[MEDIUM] Microweber vulnerable to command injection
PKSA-qrb8-d4vh-dh64 CVE-2023-1877 GHSA-582p-2fpg-x226
Affected version: <1.3.3
Reported by: GitHub

[MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-gn5q-m2z9-rj2j CVE-2023-1081 GHSA-c2rc-8m9f-g4fh
Affected version: <=1.3.2
Reported by: GitHub

[MEDIUM] Microweber Cross-site Scripting vulnerability
PKSA-zdfg-jt73-8y7z CVE-2021-32856 GHSA-mv37-xrmc-hf64
Affected version: <=1.2.12
Reported by: GitHub

[MEDIUM] Microweber contains Cross-site Scripting
PKSA-8gr4-k329-d9km CVE-2023-0608 GHSA-pj97-r83v-vj7f
Affected version: <1.3.2
Reported by: GitHub

[HIGH] Microweber vulnerable to unrestricted malicious uploads
PKSA-zq9c-bxrf-3bjp CVE-2022-4732 GHSA-8h43-xg5g-9cj7
Affected version: <=1.3.1
Reported by: GitHub

[MEDIUM] Microweber vulnerable to Stored Cross-Site Scripting
PKSA-7z67-5rd5-wkmv CVE-2022-4647 GHSA-9cmm-52cv-6hvc
Affected version: <=1.3.1
Reported by: GitHub

[MEDIUM] Microweber vulnerable to Reflected Cross-site Scripting
PKSA-sbz2-jh9w-gqpr CVE-2022-4617 GHSA-3mmh-vq9w-4c3g
Affected version: <=1.3.1
Reported by: GitHub

[MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
PKSA-wx16-s43y-xhw1 CVE-2022-0698 GHSA-79gx-3fm8-qxqq
Affected version: <=1.3.1
Reported by: GitHub

[HIGH] Account Takeover Through Password Reset Poisoning
PKSA-d8nw-3v79-mvzg CVE-2022-33012 GHSA-rp7f-fhm8-9hpf
Affected version: <=1.2.15
Reported by: GitHub

[MEDIUM] Microweber Cross-site Scripting can result in redirection to a malicious site
PKSA-y76s-yhmf-6hyk CVE-2022-3242 GHSA-232p-59mg-f98p
Affected version: <=1.3.1
Reported by: GitHub

[MEDIUM] Microweber vulnerable to HTML Injection in create tag functionality
PKSA-yckb-m7cf-td3k CVE-2022-3245 GHSA-gm8c-w9cm-c445
Affected version: <=1.3.1
Reported by: GitHub

[MEDIUM] Microweber's title parameter in the body of POST request vulnerable to stored XSS
PKSA-52ck-8x1z-ypnr CVE-2022-2777 GHSA-cf6r-q678-f2p7
Affected version: <1.3.1
Reported by: GitHub

[MEDIUM] Microweber Stored Cross-site Scripting before v1.2.20
PKSA-xqsk-1mz7-3ntm CVE-2022-2495 GHSA-xg72-6c83-ghh4
Affected version: <1.2.20
Reported by: GitHub

[MEDIUM] Microweber before 1.2.21 vulnerable to reflected XSS
PKSA-jngs-g3z7-r6t1 CVE-2022-2470 GHSA-cfcg-2qgr-v243
Affected version: <1.2.21
Reported by: GitHub

[MEDIUM] Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
PKSA-tcnh-tyfp-dpq6 CVE-2022-2368 GHSA-9wqr-9787-p4rf
Affected version: <1.2.21
Reported by: GitHub

[MEDIUM] Microweber before v1.2.20 vulnerable to cross-site scripting
PKSA-rf16-y1sd-ctn3 CVE-2022-2353 GHSA-gmh3-x5w7-jg5m
Affected version: <1.2.20
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-pkt4-qcf8-gtjx CVE-2022-2300 GHSA-q6mp-562x-ggvv
Affected version: <1.2.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-szv7-1g6k-m65x CVE-2022-2280 GHSA-5pg2-qg87-vmj7
Affected version: <1.2.19
Reported by: GitHub

[MEDIUM] Open Redirect in microweber
PKSA-fz35-1pgv-cp2h CVE-2022-2252 GHSA-437j-5qc3-c589
Affected version: <1.2.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting in Microweber
PKSA-txjj-s3jq-h5y8 CVE-2022-2174 GHSA-3x96-m42v-hvh5
Affected version: <1.2.18
Reported by: GitHub

[MEDIUM] Cross-site Scripting in Microweber
PKSA-2112-2cdq-5yqb CVE-2022-2130 GHSA-27g3-58v4-fg9w
Affected version: <=1.2.17
Reported by: GitHub

[HIGH] Microweber Discloses Sensitive Information
PKSA-9529-zs76-9m63 CVE-2020-13405 GHSA-pmxg-w9c7-ffmq
Affected version: <1.1.20
Reported by: GitHub

[HIGH] Microweber allows Unrestricted File Upload
PKSA-g8md-8xc9-p5ky CVE-2020-13241 GHSA-89fp-j8v7-p82h
Affected version: <=1.1.18
Reported by: GitHub

[HIGH] Incorrect Authorization in microweber
PKSA-z7cb-7j1h-w8cz CVE-2022-1631 GHSA-73rp-q4rx-5grc
Affected version: <1.2.15
Reported by: GitHub

[MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
PKSA-c5k9-tzdy-mcpz CVE-2022-1555 GHSA-6346-5r4h-ff5x
Affected version: <=1.2.15
Reported by: GitHub

[MEDIUM] Cross-site Scripting in Microweber
PKSA-s6xs-6mw1-pfp1 CVE-2022-1584 GHSA-f23x-4gf4-m9ff
Affected version: <1.2.16
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-kcv4-v84p-mcbr CVE-2022-1504 GHSA-6xj3-fhrf-rjgc
Affected version: <1.2.15
Reported by: GitHub

[MEDIUM] Cross-site Scripting in Microweber
PKSA-tjbx-zhrt-gprr CVE-2022-1439 GHSA-9w7h-3wwh-6m5q
Affected version: <1.2.15
Reported by: GitHub

[HIGH] Integer Overflow or Wraparound in Microweber
PKSA-kyhg-p4vz-vs71 CVE-2022-1036 GHSA-3qr6-qrqm-8v86
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Stored Cross-site Scripting in Microweber
PKSA-f8qw-qjdd-m9w1 CVE-2022-0954 GHSA-8c76-mxv5-w4g8
Affected version: <=1.2.11
Reported by: GitHub

[HIGH] Denial of service in microweber
PKSA-hgnj-t4bc-xwcf CVE-2022-0961 GHSA-hrf4-hcpc-3345
Affected version: <=1.2.11
Reported by: GitHub

[MEDIUM] Unrestricted XML files leading to cross-site scripting in Microweber
PKSA-brfz-h1zk-bybj CVE-2022-0963 GHSA-q3x2-jvp3-wj78
Affected version: <1.2.12
Reported by: GitHub

[HIGH] Integer Overflow in microweber
PKSA-7n6w-575s-7hrf CVE-2022-0968 GHSA-5fxv-xx5p-g2fv
Affected version: <=1.2.11
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-112x-539h-7qyw CVE-2022-0926 GHSA-3q55-66g3-p8xq
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-dcb5-v96h-yy27 CVE-2022-0929 GHSA-5fxf-x22x-5q38
Affected version: <1.2.12
Reported by: GitHub

[HIGH] Cross-site Scripting in microweber
PKSA-yd6t-2qzn-yrj9 CVE-2022-0930 GHSA-2cv6-6437-39p2
Affected version: <1.2.12
Reported by: GitHub

[HIGH] Integer Overflow or Wraparound in Microweber
PKSA-7ry3-s1y7-q67q CVE-2022-0913 GHSA-c383-q5vf-hx55
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Unrestricted Upload of File with Dangerous Type in microweber
PKSA-83db-ssn7-2mph CVE-2022-0912 GHSA-6vx5-cg2p-7g5v
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-dfxh-hs61-f52c CVE-2022-0928 GHSA-jjp3-m93h-5jm4
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Unrestricted Upload of File with Dangerous Type in Microweber
PKSA-b6q4-kgj4-wdwt CVE-2022-0921 GHSA-j878-43hm-8gr5
Affected version: <1.2.12
Reported by: GitHub

[MEDIUM] Unrestricted file upload leads to stored cross-site scripting in Microweber
PKSA-6ch9-b4f1-hcvj CVE-2022-0906 GHSA-hf4q-52x6-4p57
Affected version: <1.2.12
Reported by: GitHub

[HIGH] Static Code Injection in Microweber
PKSA-rzd2-shy9-xs3n CVE-2022-0895 GHSA-x28w-hvwc-mp75
Affected version: <1.3
Reported by: GitHub

[HIGH] Improper Neutralization of Special Elements Used in a Template Engine in microweber
PKSA-xncv-v689-mqwz CVE-2022-0896 GHSA-q9qc-pp5x-mc8c
Affected version: <1.3
Reported by: GitHub

[HIGH] Rate limit missing in microweber
PKSA-c5ch-hxm2-mtnd CVE-2022-0777 GHSA-7r79-mrp6-8mhq
Affected version: <1.3
Reported by: GitHub

[MEDIUM] Exposure of Resource to Wrong Sphere in microweber
PKSA-c1wp-kh8g-2ygx CVE-2022-0762 GHSA-5875-p652-2ppm
Affected version: <1.3.0
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-73zb-t6vd-f999 CVE-2022-0763 GHSA-6m26-25q2-cq46
Affected version: <1.3
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-b321-kxf8-jdp8 CVE-2022-0723 GHSA-4p92-fv6v-fhfj
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Insertion of Sensitive Information Into Debugging Code in Microweber
PKSA-8wx3-wy1s-y9rv CVE-2022-0721 GHSA-mjvc-j6rv-9xj8
Affected version: <1.3
Reported by: GitHub

[HIGH] Cross-site Scripting in Microweber
PKSA-dpx3-qsq9-4gdh CVE-2022-0719 GHSA-hj8g-cw8x-2c6m
Affected version: <1.3
Reported by: GitHub

[HIGH] Insecure Storage of Sensitive Information in Microweber
PKSA-1zxz-hz36-chyr CVE-2022-0724 GHSA-j8cx-j9j2-f29w
Affected version: <1.3
Reported by: GitHub

[LOW] Business Logic Errors in microweber
PKSA-79zq-cn4k-wzfk CVE-2022-0688 GHSA-c5gj-w4hx-gvmx
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-kzng-5tm9-xztg CVE-2022-0678 GHSA-38m9-3vg4-rwvp
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Cross-site Scripting in microweber
PKSA-ns6t-hq17-pwdg CVE-2022-0690 GHSA-rgp5-m2pq-3fmg
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Business Logic Errors in microweber
PKSA-ykwf-njxv-2829 CVE-2022-0689 GHSA-3p9j-442x-hjp7
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Generation of Error Message Containing Sensitive Information in microweber
PKSA-qhj5-4k7k-gv7n CVE-2022-0660 GHSA-hhrj-wp42-32v3
Affected version: <1.2.11
Reported by: GitHub

[HIGH] CRLF Injection in microweber
PKSA-qk2x-ppgk-k9pd CVE-2022-0666 GHSA-3wwj-wh2w-g4xp
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross-Site Request Forgery microweber
PKSA-msbt-qmpd-nyfq CVE-2022-0638 GHSA-ghww-cv4v-hmxx
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Open redirect in microweber
PKSA-t4nq-5mrp-3kk9 CVE-2022-0597 GHSA-rw98-5846-pqhx
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Microweber vulnerable to Improper Validation of Specified Quantity in Input
PKSA-bp72-nywy-xn14 CVE-2022-0596 GHSA-vpq7-m4qm-p2gp
Affected version: <1.2.11
Reported by: GitHub

[HIGH] OS Command Injection in Microweber
PKSA-9dbw-5t9v-sfzt CVE-2022-0557 GHSA-vm37-j55j-8655
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Open redirect in microweber
PKSA-7557-q2xr-vy2t CVE-2022-0560 GHSA-r992-xph6-h7x2
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-dbcj-jp22-yxqc CVE-2022-0558 GHSA-wmj9-xh24-j4gx
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Zip slip in Microweber
PKSA-kr1f-w5gv-wh8c CVE-2020-28337 GHSA-pqcf-v8v5-jmcg
Affected version: <1.2.3
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-y7vt-z5ff-cqw4 CVE-2022-0506 GHSA-jjvm-3mfq-7gc7
Affected version: <=1.2.10
Reported by: GitHub

[MEDIUM] Cross-Site Request Forgery in microweber
PKSA-128g-cv5m-f1b6 CVE-2022-0505 GHSA-7x2h-3v2v-24p9
Affected version: <=1.2.10
Reported by: GitHub

[MEDIUM] Generation of Error Message Containing Sensitive Information in microweber
PKSA-m3t2-kn2t-79g4 CVE-2022-0504 GHSA-xxq4-3742-3h28
Affected version: <=1.2.10
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-5zqt-63qv-2sby CVE-2022-0379 GHSA-prff-6j8q-vrv7
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-2qkm-x4m7-8vkg CVE-2022-0378 GHSA-3j58-p785-f27x
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross-site Scripting in microweber
PKSA-kssg-hqr2-h9z3 CVE-2022-0278 GHSA-m8rp-q82r-c5mf
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Exposure of Sensitive Information to an Unauthorized Actor in microweber
PKSA-sxx7-7h9s-k87q CVE-2022-0281 GHSA-7wv8-g97r-432h
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Microweber Incorrect Permission Assignment for Critical Resource vulnerability
PKSA-nptz-nkvg-vkfc CVE-2022-0277 GHSA-vcgf-vmpc-ph79
Affected version: <1.2.11
Reported by: GitHub

[HIGH] Code Injection in microweber
PKSA-3x8v-8h8s-yzs1 CVE-2022-0282 GHSA-p5hj-xxfr-pwc3
Affected version: <1.2.11
Reported by: GitHub

[MEDIUM] Cross Site Scripting in Microweber
PKSA-nh4w-h5jj-zz1y CVE-2021-33988 GHSA-w7x8-cq7r-g5g9
Affected version: <1.2.8
Reported by: GitHub