microweber/microweber Security Advisories for v1.2.15 (44)
- [MEDIUM] Business Logic Errors in microweber/microweber
  PKSA-y5qg-3krh-f9b5 CVE-2023-6832 GHSA-qjfx-fvx7-3wvw
  Affected version: <2.0.0
  Reported by: GitHub
- [LOW] Microweber missing standardized error handling mechanism
  PKSA-3c1q-3392-wkmp CVE-2023-6599 GHSA-9r6p-hg4g-5gxp
  Affected version: <2.0.0
  Reported by: GitHub
- [MEDIUM] Microweber file upload vulnerability
  PKSA-xs75-x9v8-bkhn CVE-2023-49052 GHSA-2c7x-w3mx-h7p6
  Affected version: <=2.0.4
  Reported by: GitHub
- [MEDIUM] Microweber Improper Access Control vulnerability
  PKSA-74rd-c6sw-mfrp CVE-2023-5976 GHSA-q57g-38pc-jwv8
  Affected version: <2.0.0
  Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
  PKSA-n7r8-zpqq-jfjd CVE-2023-47379 GHSA-jmwm-w2rm-prv9
  Affected version: <2.0.3
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting (XSS) in microweber/microweber
  PKSA-md65-d7tx-bbhf CVE-2023-5861 GHSA-7q5f-29gx-57ff
  Affected version: <2.0.0
  Reported by: GitHub
- [MEDIUM] Microweber uses hard coded credentials
  PKSA-m9c6-mgh7-jfgc CVE-2023-5318 GHSA-r657-3wqh-g2x9
  Affected version: <=1.3.4
  Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
  PKSA-z3vy-k1wh-bn3g CVE-2023-5244 GHSA-rgf9-j7gv-rq22
  Affected version: <=1.3.4
  Reported by: GitHub
- [MEDIUM] Microweber Business Logic Errors
  PKSA-xhwv-tsn6-jm7k CVE-2023-6566 GHSA-3rpx-pgmf-j96h
  Affected version: <2.0.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Microweber Cross-site Scripting vulnerability
  PKSA-zb2q-hcnk-cg6k CVE-2023-3142 GHSA-fqcv-rfp6-wv92
  Affected version: <=1.3.4
  Reported by: GitHub
- [MEDIUM] Information exposure in microweber
  PKSA-279x-12x2-x9t1 CVE-2023-2239 GHSA-h83h-77x2-6w6g
  Affected version: <1.3.4
  Reported by: GitHub
- [HIGH] Improper Privilege Management in microweber
  PKSA-885q-z461-7kxw CVE-2023-2240 GHSA-r6xq-xcxc-fghx
  Affected version: <1.3.4
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
  PKSA-p47h-qx4x-x2bz CVE-2023-2014 GHSA-f4g6-c47x-qhww
  Affected version: <1.3.3
  Reported by: GitHub
- [HIGH] Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
  PKSA-9pmn-8hgp-hp7r CVE-2023-1881 GHSA-hhjm-mpmf-cxg9
  Affected version: <1.3.3
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to command injection
  PKSA-qrb8-d4vh-dh64 CVE-2023-1877 GHSA-582p-2fpg-x226
  Affected version: <1.3.3
  Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting vulnerability
  PKSA-gn5q-m2z9-rj2j CVE-2023-1081 GHSA-c2rc-8m9f-g4fh
  Affected version: <=1.3.2
  Reported by: GitHub
- [MEDIUM] Microweber contains Cross-site Scripting
  PKSA-8gr4-k329-d9km CVE-2023-0608 GHSA-pj97-r83v-vj7f
  Affected version: <1.3.2
  Reported by: GitHub
- [HIGH] Microweber vulnerable to unrestricted malicious uploads
  PKSA-zq9c-bxrf-3bjp CVE-2022-4732 GHSA-8h43-xg5g-9cj7
  Affected version: <=1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to Stored Cross-Site Scripting
  PKSA-7z67-5rd5-wkmv CVE-2022-4647 GHSA-9cmm-52cv-6hvc
  Affected version: <=1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to Reflected Cross-site Scripting
  PKSA-sbz2-jh9w-gqpr CVE-2022-4617 GHSA-3mmh-vq9w-4c3g
  Affected version: <=1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
  PKSA-wx16-s43y-xhw1 CVE-2022-0698 GHSA-79gx-3fm8-qxqq
  Affected version: <=1.3.1
  Reported by: GitHub
- [HIGH] Account Takeover Through Password Reset Poisoning
  PKSA-d8nw-3v79-mvzg CVE-2022-33012 GHSA-rp7f-fhm8-9hpf
  Affected version: <=1.2.15
  Reported by: GitHub
- [MEDIUM] Microweber Cross-site Scripting can result in redirection to a malicious site
  PKSA-y76s-yhmf-6hyk CVE-2022-3242 GHSA-232p-59mg-f98p
  Affected version: <=1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to HTML Injection in create tag functionality
  PKSA-yckb-m7cf-td3k CVE-2022-3245 GHSA-gm8c-w9cm-c445
  Affected version: <=1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber's title parameter in the body of POST request vulnerable to stored XSS
  PKSA-52ck-8x1z-ypnr CVE-2022-2777 GHSA-cf6r-q678-f2p7
  Affected version: <1.3.1
  Reported by: GitHub
- [MEDIUM] Microweber Stored Cross-site Scripting before v1.2.20
  PKSA-xqsk-1mz7-3ntm CVE-2022-2495 GHSA-xg72-6c83-ghh4
  Affected version: <1.2.20
  Reported by: GitHub
- [MEDIUM] Microweber before 1.2.21 vulnerable to reflected XSS
  PKSA-jngs-g3z7-r6t1 CVE-2022-2470 GHSA-cfcg-2qgr-v243
  Affected version: <1.2.21
  Reported by: GitHub
- [MEDIUM] Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
  PKSA-tcnh-tyfp-dpq6 CVE-2022-2368 GHSA-9wqr-9787-p4rf
  Affected version: <1.2.21
  Reported by: GitHub
- [MEDIUM] Microweber before v1.2.20 vulnerable to cross-site scripting
  PKSA-rf16-y1sd-ctn3 CVE-2022-2353 GHSA-gmh3-x5w7-jg5m
  Affected version: <1.2.20
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in microweber
  PKSA-pkt4-qcf8-gtjx CVE-2022-2300 GHSA-q6mp-562x-ggvv
  Affected version: <1.2.19
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in microweber
  PKSA-szv7-1g6k-m65x CVE-2022-2280 GHSA-5pg2-qg87-vmj7
  Affected version: <1.2.19
  Reported by: GitHub
- [MEDIUM] Open Redirect in microweber
  PKSA-fz35-1pgv-cp2h CVE-2022-2252 GHSA-437j-5qc3-c589
  Affected version: <1.2.19
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in Microweber
  PKSA-txjj-s3jq-h5y8 CVE-2022-2174 GHSA-3x96-m42v-hvh5
  Affected version: <1.2.18
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in Microweber
  PKSA-2112-2cdq-5yqb CVE-2022-2130 GHSA-27g3-58v4-fg9w
  Affected version: <=1.2.17
  Reported by: GitHub
- [MEDIUM] Microweber vulnerable to cross-site scripting (XSS)
  PKSA-c5k9-tzdy-mcpz CVE-2022-1555 GHSA-6346-5r4h-ff5x
  Affected version: <=1.2.15
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in Microweber
  PKSA-s6xs-6mw1-pfp1 CVE-2022-1584 GHSA-f23x-4gf4-m9ff
  Affected version: <1.2.16
  Reported by: GitHub
- [HIGH] Static Code Injection in Microweber
  PKSA-rzd2-shy9-xs3n CVE-2022-0895 GHSA-x28w-hvwc-mp75
  Affected version: <1.3
  Reported by: GitHub
- [HIGH] Improper Neutralization of Special Elements Used in a Template Engine in microweber
  PKSA-xncv-v689-mqwz CVE-2022-0896 GHSA-q9qc-pp5x-mc8c
  Affected version: <1.3
  Reported by: GitHub
- [HIGH] Rate limit missing in microweber
  PKSA-c5ch-hxm2-mtnd CVE-2022-0777 GHSA-7r79-mrp6-8mhq
  Affected version: <1.3
  Reported by: GitHub
- [MEDIUM] Exposure of Resource to Wrong Sphere in microweber
  PKSA-c1wp-kh8g-2ygx CVE-2022-0762 GHSA-5875-p652-2ppm
  Affected version: <1.3.0
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting in microweber
  PKSA-73zb-t6vd-f999 CVE-2022-0763 GHSA-6m26-25q2-cq46
  Affected version: <1.3
  Reported by: GitHub
- [HIGH] Insertion of Sensitive Information Into Debugging Code in Microweber
  PKSA-8wx3-wy1s-y9rv CVE-2022-0721 GHSA-mjvc-j6rv-9xj8
  Affected version: <1.3
  Reported by: GitHub
- [HIGH] Cross-site Scripting in Microweber
  PKSA-dpx3-qsq9-4gdh CVE-2022-0719 GHSA-hj8g-cw8x-2c6m
  Affected version: <1.3
  Reported by: GitHub
- [HIGH] Insecure Storage of Sensitive Information in Microweber
  PKSA-1zxz-hz36-chyr CVE-2022-0724 GHSA-j8cx-j9j2-f29w
  Affected version: <1.3
  Reported by: GitHub